ID CVE-2013-3248
Summary Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
References
Vulnerable Configurations
  • Corel PDF Fusion 1.11
    cpe:2.3:a:corel:pdf_fusion:1.11
CVSS
Base: 9.3 (as of 04-10-2013 - 07:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Corel PDF Fusion Stack Buffer Overflow. CVE-2013-0742,CVE-2013-3248. Local exploit for windows platform
file exploits/windows/local/26805.rb
id EDB-ID:26805
last seen 2016-02-03
modified 2013-07-13
platform windows
port
published 2013-07-13
reporter metasploit
source https://www.exploit-db.com/download/26805/
title Corel PDF Fusion Stack Buffer Overflow
type local
metasploit via4
description This module exploits a stack-based buffer overflow vulnerability in version 1.11 of Corel PDF Fusion. The vulnerability exists while handling a XPS file with long entry names. In order for the payload to be executed, an attacker must convince the target user to open a specially crafted XPS file with Corel PDF Fusion. By doing so, the attacker can execute arbitrary code as the target user.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/CORELPDF_FUSION_BOF
last seen 2019-03-23
modified 2017-07-24
published 2013-07-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb
title Corel PDF Fusion Stack Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/122382/corelpdf_fusion_bof.rb.txt
id PACKETSTORM:122382
last seen 2016-12-05
published 2013-07-12
reporter juan vazquez
source https://packetstormsecurity.com/files/122382/Corel-PDF-Fusion-Stack-Buffer-Overflow.html
title Corel PDF Fusion Stack Buffer Overflow
refmap via4
osvdb 94934
secunia 52707
saint via4
bid 61010
description Corel PDF Fusion XPS File ZIP Directory Vulnerability
osvdb 94933
title corel_pdf_fusion_xps_file_zip_dir
type client
Last major update 04-10-2013 - 12:37
Published 03-10-2013 - 19:55
Back to Top