Corel VideoStudio Pro X7 and Corel FastFlix are prone to a vulnerability that may allow the loading and execution of any library file named u32ZLib.dll, if this dll is located in the same folder where a .VSP or .VFP file is. The attacker must entice a victim into opening a specially crafted .VSP or .VFP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel PHOTO-PAINT is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CPT file. The attacker must entice a victim into opening a specially crafted .CPT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel PDF Fusion is prone to a stack-based buffer overflow vulnerability when parsing long names in ZIP directory entries within an XPS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Corel PDF Fusion is prone to a vulnerability that may allow the loading and execution of any library file named quserex.dll, if this dll is located in the same folder where a .PDF file is. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is caused due to a boundary error within the handling of .PNG files and can be exploited to cause a stack-based buffer overflow via a specially crafted .PNG file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Corel PaintShop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file. The attacker must entice a victim into opening a specially crafted .JPG file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel Painter 2015 is prone to a vulnerability that may allow the loading and execution of any library file named wacommt.dll, if this dll is located in the same folder where a .RIF file is. The attacker must entice a victim into opening a specially crafted .RIF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel FastFlix is prone to a vulnerability that may allow the loading and execution of any library file named igfxcmrt32.dll or ipl.dll or MSPStyleLib.dll or uFioUtil.dll or uhDSPlay.dll or uipl.dll or uvipl.dll or VC1DecDll.dll or VC1DecDll_SSE3.dll, if this dll is located in the same folder where a .VFP file is. The attacker must entice a victim into opening a specially crafted .VFP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
CorelDRAW X3 is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CSL file. The attacker must entice a victim into opening a specially crafted .CSL file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Subscribe to Client Side