Lucene search

Kaspersky LabKLA10666

HistorySep 15, 2015 - 12:00 a.m.

KLA10666 Code execution vulnerability in Corel WordPerfect

2015-09-1500:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.115

Percentile

95.3%

JSON

An unspecified vulnerability was found in Corel WordPerfect. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed Microsoft Word document.

Original advisories

ZDI advisory

Related products

Corel-WordPerfect

CVE list

CVE-2015-6948 high

Solution

Try to update as soon as vendor releases patch. While product stands unpatched avoid interacting with untrusted documents.

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Corel WordPerfect

References

www.zerodayinitiative.com/advisories/ZDI-15-410/

statistics.securelist.com/

threats.kaspersky.com/en/product/Corel-WordPerfect/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.115

Percentile

95.3%

JSON

Related for KLA10666