CVE-2014-8396
Corel Software DLL Hijacking
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.
Vulnerabilidad de ruta de búsqueda no confiable en Corel PDF Fusion permite a usuarios locales ejecutar código arbitrario y realizar ataques del secuestro de DLL a través de un fichero quserex.dll troyano que se ubica en la misma carpeta que el fichero siendo procesado.
Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-22 CVE Reserved
- 2015-01-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Jan/33 | Mailing List |
|
| http://www.coresecurity.com/advisories/corel-software-dll-hijacking | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/534452/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/72007 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Corel Search vendor "Corel" | Pdf Fusion Search vendor "Corel" for product "Pdf Fusion" | * | - |
Affected
| ||||||