5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.042 Low
EPSS
Percentile
91.3%
High-Tech Bridge Security Research Lab discovered an untrusted pointer dereference vulnerability in Corel WordPerfect. Opening of a malicious WPD (WordPerfect Document) causes immediate application crash, resulting in a loss of all unsaved current application data of the user.
MSVCR80!strnicmp+0x261:
69fe74bc f3a4 rep movs byte ptr es:[edi],byte ptr [esi]
Exception Faulting Address: 0x225a848
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation
Stack Trace:
MSVCR80!strnicmp+0x261
wpwin16!StartApp+0xbdc8e
wpwin16!StartApp+0xc5ef1
wpwin16!StartApp+0xc67f3
wpwin16!StartApp+0xc0758
ntdll!RtlAllocateHeap+0x 211
ntdll!RtlAllocateHeap+0xac
ntdll!RtlTryEnterCriticalSection+0x9ba
ntd ll!RtlTryEnterCriticalSection+0x98f
WStr16!WPwmemcpy+0x1e
PFIT160!wread+0x e1
MSVCR80!strnicmp+0x135
wpwin16!StartApp+0xdfe00
In order to exploit the vulnerability remotely the attacker has to send a malicious file to the victim by email. In a web-based scenario, the attacker can host a malicious file on a website or WebDav share and trick the victim to download and open the file.
As a PoC (Proof of Concept) a file “PoC.wpd” is provided, which causes immediate application crash. Password for archive: k2-0xj)Dhfjhlfs
CPE | Name | Operator | Version |
---|---|---|---|
corel wordperfect x6 standard edition | eq | 16.0.0.388 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.042 Low
EPSS
Percentile
91.3%