CVE-2014-8393 : DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintSh

DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.

Published 2017-08-29 01:35:12

Updated 2018-10-09 19:54:08

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-8393

Corel » Paint Shop Pro » Version: X7
cpe:2.3:a:corel:paint_shop_pro:x7:*:*:*:*:*:*:*
Matching versions
Corel » Pdf Fusion » Version: N/A
cpe:2.3:a:corel:pdf_fusion:-:*:*:*:*:*:*:*
Matching versions
Corel » Painter » Version: 2015
cpe:2.3:a:corel:painter:2015:*:*:*:*:*:*:*
Matching versions
Corel » Coreldraw Photo Paint » Version: X7
cpe:2.3:a:corel:coreldraw_photo_paint:x7:*:*:*:*:*:*:*
Matching versions
Corel » Coreldraw » Version: X7
cpe:2.3:a:corel:coreldraw:x7:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

4.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Assigned by: nvd@nist.gov (Primary)

http://secunia.com/advisories/62210

Sign in
Permissions Required
http://www.securityfocus.com/bid/72005

Multiple Corel Products 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://www.securityfocus.com/archive/1/534452/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.securitytracker.com/id/1031522

Corel Paint Shop Pro DLL Loading Error Lets Local Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry
http://www.coresecurity.com/advisories/corel-software-dll-hijacking

Corel Software DLL Hijacking | Core Security
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2015/Jan/33

Full Disclosure: Corel Software DLL Hijacking
Mailing List;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html

Corel Software DLL Hijacking ≈ Packet Storm
Third Party Advisory;VDB Entry

Jump to