PT-2014-2284 · Corel · Corel Quattro Pro X6
Published: 2014-06-05 · Updated: 2017-08-29
CVE-2012-4728
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Corel Quattro Pro X6 Standard Edition versions 16.0.0.388 and earlier
Description
A crafted QPW file allows remote attackers to cause a denial of service: the application crashes due to a NULL pointer dereference. The issue is related to the QProGetNotebookWindowHandle and Ordinal132 functions in QPW160.dll.
Recommendations
For versions 16.0.0.388 and earlier, avoid opening QPW files that may be crafted until a fix is available. As a temporary workaround, restrict the opening of QPW files from untrusted sources to minimize the risk of exploitation.
Affected Products
Corel Quattro Pro X6