// For flags

CVE-2014-8394

Corel Software DLL Hijacking

Severity Score

4.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.

Múltiples vulnerabilidades de ruta de búsqueda no confiable en Corel CAD 2014 permiten a usuarios locales ejecutar código arbitrario y realizar ataques del secuestro de DLL a través de un fichero (1) FxManagedCommands_3.08_9.tx o (2) TD_Mgd_3.08_9.dll troyano en el directorio de trabajos actuales.

Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-22 CVE Reserved
  • 2015-01-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Corel
Search vendor "Corel"
 Corelcad
Search vendor "Corel" for product "Corelcad"
 2014
Search vendor "Corel" for product "Corelcad" and version "2014"
-
Affected