PT-2001-1077 · Corel · Corel Wordperfect

Kushal Arvind Shah

Published

2001-03-01

Updated

2021-10-07

CVE-2021-38108

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Corel WordPerfect version 2020 20.0.0.200

Description The issue is related to an out-of-bounds read vulnerability in the Word97Import200.dll library of Corel WordPerfect. This vulnerability can be exploited by an unauthenticated attacker to access unauthorized system memory in the context of the current user. Exploitation requires user interaction, where a victim must open a specially crafted DOC file.

Recommendations For Corel WordPerfect version 2020 20.0.0.200, consider avoiding the use of the Word97Import200.dll library until a patch is available. As a temporary workaround, restrict the opening of DOC files from untrusted sources to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2023-00045

CVE-2021-38108

Affected Products

Corel Wordperfect

PT-2001-1077 · Corel · Corel Wordperfect

CVE-2021-38108

Weakness Enumeration

Related Identifiers

Affected Products

References · 6