CVE-2021-38108

Name of the Vulnerable Software and Affected Versions Corel WordPerfect version 2020 20.0.0.200

Description The issue is related to an out-of-bounds read vulnerability in the Word97Import200.dll library of Corel WordPerfect. This vulnerability can be exploited by an unauthenticated attacker to access unauthorized system memory in the context of the current user. Exploitation requires user interaction, where a victim must open a specially crafted DOC file.

Recommendations For Corel WordPerfect version 2020 20.0.0.200, consider avoiding the use of the Word97Import200.dll library until a patch is available. As a temporary workaround, restrict the opening of DOC files from untrusted sources to minimize the risk of exploitation.