ID CVE-2014-8394
Summary Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
References
Vulnerable Configurations
  • cpe:2.3:a:corel:corelcad:2014:*:*:*:*:*:*:*
    cpe:2.3:a:corel:corelcad:2014:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 09-10-2018 - 19:54)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 72004
bugtraq 20150112 Corel Software DLL Hijacking
fulldisc 20150112 Corel Software DLL Hijacking
misc http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Last major update 09-10-2018 - 19:54
Published 15-01-2015 - 15:59
Last modified 09-10-2018 - 19:54
Back to Top