Executive Risk Summary
"A Write Access Violation vulnerability exists in XnView Classic before version 2.51.3 on Windows, which could potentially allow an attacker to execute arbitrary code. This vulnerability is identified as CVE-2023-52174 and can be exploited by targeting the xnview.exe executable at offset 0x3125D6."
Operational Audit Arsenal
Target Type executable
Target Asset xnview.exe
Standard Path %ProgramFiles%\XnView\xnview.exe
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: xnview.exe (executable)
$Targets = 'xnview.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Minimal
Internal Work Notes
Apply XnView Classic version 2.51.3 or later to mitigate CVE-2023-52174, a Write Access Violation vulnerability in xnview.exe.
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttps://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html
Official Advisoryhttps://newsgroup.xnview.com/viewtopic.php?f=35&t=46016
Official Advisoryhttps://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html
Official Advisoryhttps://newsgroup.xnview.com/viewtopic.php?f=35&t=46016
Related XnView Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.