CVE-2014-8393
CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
Existe una vulnerabilidad de secuestro de DLL en CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 y Corel PDF Fusion.
Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-25 First Exploit
- 2014-10-22 CVE Reserved
- 2015-01-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-01-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2015/Jan/33 | Mailing List |
|
| http://www.coresecurity.com/advisories/corel-software-dll-hijacking | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/534452/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/72005 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031522 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/129922 | 2015-01-13 | |
| https://www.exploit-db.com/exploits/14786 | 2010-08-25 | |
| https://www.exploit-db.com/exploits/14787 | 2010-08-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Corel Search vendor "Corel" | Coreldraw Search vendor "Corel" for product "Coreldraw" | x7 Search vendor "Corel" for product "Coreldraw" and version "x7" | - |
Affected
| ||||||
| Corel Search vendor "Corel" | Coreldraw Photo Paint Search vendor "Corel" for product "Coreldraw Photo Paint" | x7 Search vendor "Corel" for product "Coreldraw Photo Paint" and version "x7" | - |
Affected
| ||||||
| Corel Search vendor "Corel" | Paint Shop Pro Search vendor "Corel" for product "Paint Shop Pro" | x7 Search vendor "Corel" for product "Paint Shop Pro" and version "x7" | - |
Affected
| ||||||
| Corel Search vendor "Corel" | Painter Search vendor "Corel" for product "Painter" | 2015 Search vendor "Corel" for product "Painter" and version "2015" | - |
Affected
| ||||||
| Corel Search vendor "Corel" | Pdf Fusion Search vendor "Corel" for product "Pdf Fusion" | - | - |
Affected
| ||||||