Lucene search
HistoryJan 15, 2015 - 3:59 p.m.
CVE-2014-8397
cve-2014-8397
corel videostudio pro x7
fastflick
dll hijacking
security vulnerability
nvd
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.
Affected configurations
Node
corelfastflick
ORcorelvideostudio_proMatchx7
| CPE | Name | Operator | Version |
|---|---|---|---|
| corel:fastflick | corel fastflick | eq | * |
| corel:videostudio_pro | corel videostudio pro | eq | x7 |
Related
cvelist
cvelist
CVE-2014-8397
2015-01-15 15:00:00
nvd
nvd
CVE-2014-8397
2015-01-15 15:59:12
prion
prion
Design/Logic Flaw
2015-01-15 15:59:00
packetstorm
packetstorm
Corel Software DLL Hijacking
2015-01-13 00:00:00
securityvulns
securityvulns
Corel multiple appliucations unsafe DLL search path
2015-01-13 00:00:00
Corel Software DLL Hijacking
2015-01-13 00:00:00
coresecurity
coresecurity
Corel Software DLL Hijacking
2015-01-12 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
Related for CVE-2014-8397