CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2804
https://notcve.org/view.php?id=CVE-2017-2804
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de límites remota en la funcionalidad de análisis sintáctico de TIFF de Core PHOTO-PAINT X8 18.1.0.661. Un archivo TIFF especialmente manipulado puede provocar una vulnerabilidad que podría daría lugar a una potencial corrupción de memoria. • http://www.securityfocus.com/bid/99900 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0298 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8730
https://notcve.org/view.php?id=CVE-2016-8730
An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de límites/corrupción de memoria en la funcionalidad de análisis sintáctico de GIF de Core PHOTO-PAINT X8 18.1.0.661. Un archivo GIF especialmente manipulado puede provocar una vulnerabilidad que podría daría lugar a una potencial corrupción de memoria y la ejecución de código. • http://www.securityfocus.com/bid/99900 https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0244 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2803
https://notcve.org/view.php?id=CVE-2017-2803
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. Existe una vulnerabilidad de escritura fuera de límites remota en la funcionalidad de análisis sintáctico de TIFF de Core PHOTO-PAINT X8 18.1.0.661. • http://www.securityfocus.com/bid/99900 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0297 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2014-8393 – CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2014-8393
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. Existe una vulnerabilidad de secuestro de DLL en CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 y Corel PDF Fusion. Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html http://seclists.org/fulldisclosure/2015/Jan/33 http://secunia.com/advisories/62210 http://www.coresecurity.com/advisories/corel-software-dll-hijacking http://www.securityfocus.com/archive/1/534452/100/0/threaded http://www.securityfocus.com/bid/72005 http://www.securitytracker.com/id/1031522 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.9EPSS: 95%CPEs: 2EXPL: 2CVE-2010-5240 – CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-5240
Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de path de búsqueda no confiable en Corel PHOTO-PAINT y CorelDRAW X5 v15.1.0.588, permite a usuario locales obtener privilegios a través de un fichero (1) dwmapi.dll o (2) CrlRib.dll troyanizados en el directorio de trabajo actual, como se demostró mediante un directorio que contenía un fichero .cdr, .cpt, .cmx, or .csl. NOTA: Algunos de estos detalles se han obtenido de terceros. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://secunia.com/advisories/41148 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php •