Lucene search

[email protected]CVE-2010-5240

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5240

2022-10-0316:21:03

[email protected]

web.nvd.nist.gov

cve-2010-5240

corel

photo-paint

coreldraw

15.1.0.588

untrusted search path

vulnerabilities

local users

gain privileges

dwmapi.dll

crlrib.dll

trojan horse

6.9 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.931 High

EPSS

Percentile

99.1%

JSON

Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

corelcoreldraw_x5Match15.1.0.588

corelphoto-paint_x3Match13.0.0.576

CPENameOperatorVersion
corel:coreldraw_x5corel coreldraw x5eq15.1.0.588
corel:photo-paint_x3corel photo-paint x3eq13.0.0.576

CPE	Name	Operator	Version
corel:coreldraw_x5	corel coreldraw x5	eq	15.1.0.588
corel:photo-paint_x3	corel photo-paint x3	eq	13.0.0.576

References

secunia.com/advisories/41148

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php

6.9 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.931 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2010-5240

prion1 nvd1 cvelist1