Page 4 of 17 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. Existe una vulnerabilidad de secuestro de DLL en CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 y Corel PDF Fusion. Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html http://seclists.org/fulldisclosure/2015/Jan/33 http://secunia.com/advisories/62210 http://www.coresecurity.com/advisories/corel-software-dll-hijacking http://www.securityfocus.com/archive/1/534452/100/0/threaded http://www.securityfocus.com/bid/72005 http://www.securitytracker.com/id/1031522 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.9EPSS: 95%CPEs: 2EXPL: 2

Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de path de búsqueda no confiable en Corel PHOTO-PAINT y CorelDRAW X5 v15.1.0.588, permite a usuario locales obtener privilegios a través de un fichero (1) dwmapi.dll o (2) CrlRib.dll troyanizados en el directorio de trabajo actual, como se demostró mediante un directorio que contenía un fichero .cdr, .cpt, .cmx, or .csl. NOTA: Algunos de estos detalles se han obtenido de terceros. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://secunia.com/advisories/41148 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php •