CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38108
https://notcve.org/view.php?id=CVE-2021-38108
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. La biblioteca Word97Import200.dll en Corel WordPerfect 2020 versión 20.0.0.200, está afectado por una vulnerabilidad de lectura fuera de límites cuando analiza un archivo diseñado. Un atacante no autenticado podría aprovechar esta vulnerabilidad para acceder a la memoria del sistema no autorizada en el contexto del usuario actual. • https://www.fortiguard.com/zeroday/FG-VD-21-037 https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-vulnerabilities-across-multiple-corel-products • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38110
https://notcve.org/view.php?id=CVE-2021-38110
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. La biblioteca Word97Import200.dll en Corel WordPerfect 2020 versión 20.0.0.200, está afectado por una vulnerabilidad de escritura fuera de límites cuando analiza un archivo diseñado. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://www.fortiguard.com/zeroday/FG-VD-21-036 https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-vulnerabilities-across-multiple-corel-products • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 11%CPEs: 1EXPL: 0CVE-2015-6948 – Corel WordPerfect Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6948
Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document. Desbordamiento de buffer basado en memoria dinámica en la funcionalidad conversión de documento en Corel WordPerfect, permite a atacantes remotos ejecutar código arbitrario a través de un documento manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Corel WordPerfect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from documents formatted for Microsoft Word. By providing a malformed file, an attacker can cause memory to be written past the end of a heap buffer. • http://www.securitytracker.com/id/1033559 http://www.zerodayinitiative.com/advisories/ZDI-15-410 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 3%CPEs: 2EXPL: 0CVE-2012-4900 – Corel WordPerfect X6 Standard Edition Untrusted Pointer Dereference
https://notcve.org/view.php?id=CVE-2012-4900
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference Corel WordPerfect Office X6 versión 16.0.0.388, presenta una vulnerabilidad de DoS por medio de una desreferencia de puntero no confiable. Corel WordPerfect version X6 Standard Edition suffers from an untrusted pointer dereference vulnerability. • http://www.securityfocus.com/bid/58384 http://www.securitytracker.com/id/1028257 https://exchange.xforce.ibmcloud.com/vulnerabilities/82674 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 15%CPEs: 1EXPL: 3CVE-2007-1735 – Corel WordPerfect X3 13.0.0.565 - '.prs' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1735
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document. Desbordamiento de búfer basado en pila en Corel WordPerfect Office X3 (13.0.0.565) permite a atacantes remotos con intervención del usuario ejecutar código de su elección mediante un nombre de selección de impresora (PRS) largo en un documento Wordperfect. • https://www.exploit-db.com/exploits/3593 http://secunia.com/advisories/24664 http://securityreason.com/securityalert/2489 http://www.nop-art.net/advisories/wpwinX3.txt http://www.securityfocus.com/archive/1/464046/100/0/threaded http://www.securityfocus.com/bid/23177 http://www.vupen.com/english/advisories/2007/1145 https://exchange.xforce.ibmcloud.com/vulnerabilities/33286 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •