CVE-2014-8394 : Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local use

Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.

Published 2015-01-15 15:59:10

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2014-8394

Corel » Corelcad » Version: 2014
cpe:2.3:a:corel:corelcad:2014:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8394

EPSS FAQ

7.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8394

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-8394

http://www.securityfocus.com/archive/1/534452/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.coresecurity.com/advisories/corel-software-dll-hijacking

Corel Software DLL Hijacking | Core Security

CVEs referencing this url
http://www.securityfocus.com/bid/72004

CorelCAD 'TD_Mgd_3.08_9.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://seclists.org/fulldisclosure/2015/Jan/33

Full Disclosure: Corel Software DLL Hijacking

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8394

Products affected by CVE-2014-8394

Exploit prediction scoring system (EPSS) score for CVE-2014-8394

CVSS scores for CVE-2014-8394

References for CVE-2014-8394