![]() Technical Description / Proof of Concept Code The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team.ħ. This vulnerability was discovered and researched by Marcos Accossatto from Core Security Exploit Writers Team. Given that this is a client-side vulnerability, affected users should avoid opening untrusted files whose extensions are associated with Corel software and contain any of the DLL files detailed below. ![]() Vendor Information, Solutions and Workarounds Other versions could be affected too, but they were not checked. ![]() ![]() When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. (CorelDRAW,Corel Photo-Paint, Corel PaintShop Pro, Corel CAD, Corel Painter, Corel PDF Fusion, Corel VideoStudio and Corel FastFlick among others) Vulnerability InformationĬlass: Uncontrolled Search Path Element ĬVE Name: CVE-2014-8393, CVE-2014-8394, CVE-2014-8395, CVE-2014-8396, CVE-2014-8397, CVE-2014-8398Ĭorel has developed a wide range of products that includes graphics, painting, photo, video and office software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |