ID CVE-2014-8396
Summary Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
References
Vulnerable Configurations
  • cpe:2.3:a:corel:pdf_fusion:*:*:*:*:*:*:*:*
    cpe:2.3:a:corel:pdf_fusion:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 09-10-2018 - 19:54)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 72007
bugtraq 20150112 Corel Software DLL Hijacking
fulldisc 20150112 Corel Software DLL Hijacking
misc http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Last major update 09-10-2018 - 19:54
Published 15-01-2015 - 15:59
Last modified 09-10-2018 - 19:54
Back to Top