ID CVE-2014-8398
Summary Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
References
Vulnerable Configurations
  • cpe:2.3:a:corel:fastflick:*:*:*:*:*:*:*:*
    cpe:2.3:a:corel:fastflick:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 09-10-2018 - 19:54)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 72010
bugtraq 20150112 Corel Software DLL Hijacking
fulldisc 20150112 Corel Software DLL Hijacking
misc http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Last major update 09-10-2018 - 19:54
Published 15-01-2015 - 15:59
Last modified 09-10-2018 - 19:54
Back to Top