Corel PDF Fusion Multiple Vulnerabilities

Last Update Date: 9 Jul 2013 10:37 Release Date: 9 Jul 2013 3786 Views

RISK: High Risk

High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Two vulnerabilities have been identified in Corel PDF Fusion, which can be exploited by malicious people to compromise a user's system.

  1. The application loads a library (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ".pdf" or ".xps" file located on a remote WebDAV or SMB share.
  2. A boundary error exists when parsing names in ZIP directory entries of a XPS file and can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted XPS file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

 

Note: No official solution is currently available.

Impact

  • Remote Code Execution

System / Technologies affected

  • Corel PDF Fusion 1.x

Solutions

  • No official solution is currently available.

Vulnerability Identifier

Source

Related Link

Share with

Previous

IrfanView ANI File Processing Integer Overflow Vulnerability

8 Jul 2013 3842 Views

Next

cPanel cpanellogd Multiple Vulnerabilities

9 Jul 2013 3863 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY