7 matches found
CVE-2013-3248
CVE-2013-3248 summary (confirmed by connected sources): Corel PDF Fusion 1.11 contains an untrusted search path vulnerability that allows local users to gain privileges via a Trojan horse wintab32.dll in the current working directory, demonstrated with a directory containing a .pdf or .xps file. ...
CVE-2013-0742
Corel PDF Fusion 1.11 is affected by a stack-based buffer overflow via a long ZIP directory entry name in an XPS file, allowing remote code execution or a denial-of-service (application crash). This vulnerability is identified as CVE-2013-0742 and has multiple connected advisories (e.g., Red Hat,...
CVE-2021-38098
CVE-2021-38098 affects Corel PDF Fusion 2.6.2.0. A heap corruption vulnerability occurs while parsing a crafted PDF file, allowing an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious P...
CVE-2021-38096
CVE-2021-38096 affects Corel PDF Fusion 2.6.2.0 (Coreip.dll) and involves an Out-of-bounds Write when parsing a crafted file. An unauthenticated attacker could achieve arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim must open a mal...
CVE-2014-8393
CVE-2014-8393 corresponds to a DLL hijacking vulnerability in Corel products (CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 and Corel PDF Fusion, plus related apps). The flaw arises when a file is opened and the application searches the document’s directory for DL...
CVE-2014-8396
Corel PDF Fusion is affected by a DLL hijacking vulnerability (untrusted search path) where the attacker can place a malicious quserex.dll in the same folder as the processed file, enabling local code execution. The CVE is CVE-2014-8396. The connected sources confirm the vulnerability scope and D...
CVE-2021-38097
CVE-2021-38097 affects Corel PDF Fusion 2.6.2.0 with an Out-of-bounds Write while parsing a crafted file. An unauthenticated attacker could achieve arbitrary code execution in the context of the current user, and exploitation requires the user to open a malicious PDF file. No remediation details ...