Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability
Last Update Date:
7 Oct 2013 12:07
Release Date:
7 Oct 2013
3141
Views
RISK: Medium Risk
TYPE: Clients - Graphics & Design
![TYPE: Graphics & Design](/f/bulletin_type/100024/37p37/client-graphics-and-design.png)
A vulnerability has been identified in Corel PaintShop Pro X5 and X6, which can be exploited by malicious people to compromise a user's system.
The application loads libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an e.g. ".jpg" file located on a remote WebDAV or SMB share.
The vulnerability is confirmed in versions 15.2.0.2 and 16.0.0.113. Other versions may also be affected.
Impact
- Remote Code Execution
System / Technologies affected
- Corel PaintShop Pro X5 15.x
- Corel PaintShop Pro X5 16.x
Solutions
- NOTE: Vulnerability has no patch available
Vulnerability Identifier
Source
Related Link
Share with