Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zeroscienceGjoko KrsticZSL-2010-4946
HistoryJul 12, 2010 - 12:00 a.m.

Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC

2010-07-1200:00:00
Gjoko Krstic
zeroscience.mk
15

8.6 High

AI Score

Confidence

Low

JSON

Title: Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC
Advisory ID: ZSL-2010-4946
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.07.2010

Summary

Strengthen your visual impact. Create compelling slideshows, proposals, demonstrations and interactive reports. Easily edit pictures, create charts and diagrams, and share content with others. Open, edit and save Microsoft® PowerPoint® files, including the latest OOXML (.pptx) files.

Description

Corel Presentations is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user supplied input with .SHW (Presentations Slide Show) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Vendor

Corel Corporation - <http://www.corel.com>

Affected Version

15.0.0.357 (Standard Edition)

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

[12.07.2010] Vulnerability discovered.
[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.

PoC

corel_present.txt
zsl_poc17.shw.rar

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <http://www.exploit-db.com/exploits/14346/&gt;
[2] <http://securityreason.com/exploitalert/8398&gt;
[3] <http://packetstormsecurity.org/1007-exploits/ZSL-2010-4946.tgz&gt;
[4] <http://www.net-security.org/vuln.php?id=13558&gt;
[5] <http://www.securityfocus.com/bid/41556&gt;

Changelog

[12.07.2010] - Initial release
[13.07.2010] - Added reference [2] and [3]
[12.08.2010] - Added reference [4] and [5]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

<html><body><p>- Title: Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC



 - Vendor: Corel Corporation

 - Product Web Page: http://www.corel.com

 - Version Tested: 15.0.0.357 (Standard Edition)

 - Summary: Strengthen your visual impact. Create compelling slideshows, proposals,
 demonstrations and interactive reports. Easily edit pictures, create charts and
 diagrams, and share content with others. Open, edit and save Microsoft� PowerPoint�
 files, including the latest OOXML (.pptx) files.

 - Desc: Corel WordPerfect is prone to a remote buffer overflow vulnerability because
 the application fails to perform adequate boundary checks on user supplied input with
 .SHW (Presentations Slide Show) file. Attackers may exploit this issue to execute arbitrary
 code in the context of the application. Failed attacks will cause denial-of-service conditions.

 - Tested On: Microsoft Windows XP Pro SP3 (EN)


 - Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 - liquidworm gmail com

 - Zero Science Lab - http://www.zeroscience.mk

 - 12.07.2010


 - Vendor status:

 [12.07.2010] Vulnerability discovered.
 [09.07.2010] Initial contact with the vendor.
 [12.07.2010] No reply from vendor.
 [12.07.2010] Public advisory released.


 - Zero Science Lab Advisory ID: ZSL-2010-4946
 
 - Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4946.php



 - PoC: http://www.zeroscience.mk/codes/zsl_poc17.shw.rar
</p></body></html>

8.6 High

AI Score

Confidence

Low

JSON