CVSS: 4.6EPSS: 97%CPEs: 2EXPL: 0CVE-2014-8397 – Corel Software DLL Hijacking
https://notcve.org/view.php?id=CVE-2014-8397
Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. Vulnerabilidad de ruta de búsqueda no confiable en Corel VideoStudio PRO X7 o FastFlick permite a usuarios locales ejecutar código arbitrario y realizar ataques del secuestro de DLL a través de un fichero u32ZLib.dll troyano que se ubica en la misma carpeta que el fichero siendo procesado. Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. • http://seclists.org/fulldisclosure/2015/Jan/33 http://www.coresecurity.com/advisories/corel-software-dll-hijacking http://www.securityfocus.com/archive/1/534452/100/0/threaded http://www.securityfocus.com/bid/72009 •
CVSS: 4.6EPSS: 97%CPEs: 1EXPL: 0CVE-2014-8398 – Corel Software DLL Hijacking
https://notcve.org/view.php?id=CVE-2014-8398
Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. Múltiples vulnerabilidades de ruta de búsqueda no confiable en Corel FastFlick permiten a usuarios locales ejecutar código arbitrario y realizar ataques del secuestro de DLL a través de un fichero (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, o (9) VC1DecDll_SSE3.dll troyano que se ubica en la misma carpeta que el fichero siendo procesado. Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. • http://seclists.org/fulldisclosure/2015/Jan/33 http://www.coresecurity.com/advisories/corel-software-dll-hijacking http://www.securityfocus.com/archive/1/534452/100/0/threaded http://www.securityfocus.com/bid/72010 •
CVSS: 9.3EPSS: 97%CPEs: 2EXPL: 0CVE-2013-0733
https://notcve.org/view.php?id=CVE-2013-0733
Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. Vulnerabilidad de búsqueda de ruta no confiable en Corel PaintShop Pro X5 y X6 16.0.0.113, 15.2.0.2 y anteriores permite a usuarios locales ejecutar código arbitrario y realizar ataques de secuestro de DLL a través de un caballo de troya dwmapi.dll que está situado en la misma carpeta que un archivo .jpg. • http://osvdb.org/98163 http://secunia.com/advisories/53618 http://www.securityfocus.com/bid/62836 https://exchange.xforce.ibmcloud.com/vulnerabilities/87763 •
CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 2CVE-2013-0742 – Corel PDF Fusion - Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0742
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file. Desbordamiento de buffer basado en pila en Corel PDF Fusion 1.11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (cuelgue de la aplicación) a través de un directorio largo ZIP con nombre de entrada en un archivo XPS. • https://www.exploit-db.com/exploits/26805 http://osvdb.org/show/osvdb/94933 http://secunia.com/advisories/52707 http://www.exploit-db.com/exploits/26805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-3248 – Corel PDF Fusion - Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-3248
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file. Vulnerabilidad de búsqueda de ruta no confiable en Corel PDF Fusion 1.11 permite a usuarios locales obtener privilegios a través de un caballo de troya en el archivo wintab32.dll del directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo .pdf o .xps. • https://www.exploit-db.com/exploits/26805 http://osvdb.org/show/osvdb/94934 http://secunia.com/advisories/52707 •