CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2012-4728 – Corel Quattro Pro X6 Standard Edition NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2012-4728
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file. Las funciones (1) QProGetNotebookWindowHandle y (2) Ordinal132 en QPW160.dll en Corel Quattro Pro X6 Standard Edition 16.0.0.388 y anteriores permiten a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída) a través de un archivo QPW manipulado. Corel Quattro Pro version X6 Standard Edition suffers from a NULL pointer dereference vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0048.html http://osvdb.org/91039 http://osvdb.org/91040 http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/58386 https://exchange.xforce.ibmcloud.com/vulnerabilities/82707 https://www.htbridge.com/advisory/HTB23112 •
CVSS: 5.5EPSS: 3%CPEs: 2EXPL: 0CVE-2012-4900 – Corel WordPerfect X6 Standard Edition Untrusted Pointer Dereference
https://notcve.org/view.php?id=CVE-2012-4900
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference Corel WordPerfect Office X6 versión 16.0.0.388, presenta una vulnerabilidad de DoS por medio de una desreferencia de puntero no confiable. Corel WordPerfect version X6 Standard Edition suffers from an untrusted pointer dereference vulnerability. • http://www.securityfocus.com/bid/58384 http://www.securitytracker.com/id/1028257 https://exchange.xforce.ibmcloud.com/vulnerabilities/82674 • CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 95%CPEs: 2EXPL: 2CVE-2010-5240 – CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-5240
Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de path de búsqueda no confiable en Corel PHOTO-PAINT y CorelDRAW X5 v15.1.0.588, permite a usuario locales obtener privilegios a través de un fichero (1) dwmapi.dll o (2) CrlRib.dll troyanizados en el directorio de trabajo actual, como se demostró mediante un directorio que contenía un fichero .cdr, .cpt, .cmx, or .csl. NOTA: Algunos de estos detalles se han obtenido de terceros. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://secunia.com/advisories/41148 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 2CVE-2009-4251 – Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4251
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366. Desbordamiento de búfer basado en pila en Jasc Paint Shop Pro 8.10 (alias Corel Paint Shop Pro) permite a atacantes remotos asistidos por el usuario ejecutar código de su elección mediante un fichero PNG manipulado. NOTA: Esto puede causar el mismo problema que CVE-2007-2366. • https://www.exploit-db.com/exploits/10298 http://aluigi.freeforums.org/post8780.html http://osvdb.org/60592 http://secunia.com/advisories/37591 http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt http://www.securityfocus.com/bid/37204 http://www.vupen.com/english/advisories/2009/3418 https://exchange.xforce.ibmcloud.com/vulnerabilities/54551 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 5CVE-2009-2564 – Adobe 9.x Related Service - 'getPlus_HelperSvc.exe' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2564
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot. GetPlus Download Manager de NOS Microsystems, tal y como es usado en Reader de Adobe versión 1.6.2.36 y posiblemente otras versiones, Corel getPlus Download Manager anterior a versión 1.5.0.48, y posiblemente otros productos, instala el archivo NOS\bin\getPlus_HelperSvc.exe con permisos no confiables (Everyone:Full Control), que permite a los usuarios locales alcanzar privilegios SYSTEM mediante el reemplazo de getPlus_HelperSvc.exe por un programa de tipo caballo de troya, como es demostrado por el uso de getPlus Download Manager en Reader de Adobe. NOTA: en Reader de Adobe, el alcance de este problema es limitado debido a que el programa se elimina y el servicio asociado no se inicia automáticamente después de una instalación y reinicio con éxito. • https://www.exploit-db.com/exploits/9199 https://www.exploit-db.com/exploits/9223 http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html http://retrogod.altervista.org/9sg_adobe_local.html http://secunia.com/advisories/35930 http://secunia.com/advisories/36331 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.exploit-db.com/exploits/9199 http://www.securityfocus.com/archive/1/505095/100/0/thr • CWE-264: Permissions, Privileges, and Access Controls •