Информационная безопасность
[RU] switch to English


Небезопасный путь поиска DLL во многих продуктах Corel
Опубликовано:13 января 2015 г.
Источник:
SecurityVulns ID:14196
Тип:локальная
Уровень опасности:
5/10
Описание:Небезопасный путь поиска DLL.
Затронутые продукты:COREL : Photo-Paint X7
 COREL : Corel CAD 2014
 COREL : PaintShop Pro X7
 COREL : Corel Painter 2015
 COREL : VideoStudio PRO X7
 COREL : DRAW X7
CVE:CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.)
 CVE-2014-8393
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, Corel Software DLL Hijacking (13.01.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород