CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2014-8393 – CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2014-8393
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. Existe una vulnerabilidad de secuestro de DLL en CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 y Corel PDF Fusion. Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document. • https://www.exploit-db.com/exploits/14786 https://www.exploit-db.com/exploits/14787 http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html http://seclists.org/fulldisclosure/2015/Jan/33 http://secunia.com/advisories/62210 http://www.coresecurity.com/advisories/corel-software-dll-hijacking http://www.securityfocus.com/archive/1/534452/100/0/threaded http://www.securityfocus.com/bid/72005 http://www.securitytracker.com/id/1031522 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 2CVE-2009-4251 – Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4251
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366. Desbordamiento de búfer basado en pila en Jasc Paint Shop Pro 8.10 (alias Corel Paint Shop Pro) permite a atacantes remotos asistidos por el usuario ejecutar código de su elección mediante un fichero PNG manipulado. NOTA: Esto puede causar el mismo problema que CVE-2007-2366. • https://www.exploit-db.com/exploits/10298 http://aluigi.freeforums.org/post8780.html http://osvdb.org/60592 http://secunia.com/advisories/37591 http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt http://www.securityfocus.com/bid/37204 http://www.vupen.com/english/advisories/2009/3418 https://exchange.xforce.ibmcloud.com/vulnerabilities/54551 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 89%CPEs: 1EXPL: 1CVE-2007-2366 – Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2366
Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. Desbordamiento de búfer en el Corel Paint Shop Pro 11.20 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante una imagen .PNG modificada. • https://www.exploit-db.com/exploits/3812 http://osvdb.org/35467 http://secunia.com/advisories/25034 http://www.securityfocus.com/bid/23698 http://www.vupen.com/english/advisories/2007/1576 https://exchange.xforce.ibmcloud.com/vulnerabilities/33956 •
CVSS: 6.8EPSS: 19%CPEs: 2EXPL: 1CVE-2007-2209 – Corel Paint Shop Pro Photo 11.20 - '.clp' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2209
Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources. Un desbordamiento de búfer en igcore15d.dll versiones 15.1.2.0 y 15.2.0.0 para AccuSoft ImageGear, como es usado en Corel Paint Shop Pro Photo versión 11.20 y posiblemente otros productos, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo .CLP diseñado. NOTA: algunos detalles fueron obtenidos a partir de fuentes de terceros. • https://www.exploit-db.com/exploits/3779 http://osvdb.org/35308 http://osvdb.org/35386 http://secunia.com/advisories/25016 http://secunia.com/advisories/25050 http://www.securityfocus.com/bid/23604 http://www.securitytracker.com/id?1017963 http://www.vupen.com/english/advisories/2007/1506 https://exchange.xforce.ibmcloud.com/vulnerabilities/33821 •