PT-2012-1450 · Corel · Corel Photo-Paint+1

Gjoko Krstic

Published

2012-09-07

Updated

2012-09-07

CVE-2010-5240

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CorelDRAW X5 version 15.1.0.588 Corel PHOTO-PAINT version 15.1.0.588

Description The issue allows local users to gain privileges via a Trojan horse dwmapi.dll or CrlRib.dll file in the current working directory. This can be demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file.

Recommendations For CorelDRAW X5 version 15.1.0.588, consider removing or restricting access to the dwmapi.dll and CrlRib.dll files in the current working directory to minimize the risk of exploitation. For Corel PHOTO-PAINT version 15.1.0.588, avoid using the software in directories that contain untrusted files, such as .cdr, .cpt, .cmx, or .csl files, until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-5240

Affected Products

Corel Photo-Paint

Coreldraw X5

PT-2012-1450 · Corel · Corel Photo-Paint+1

CVE-2010-5240

Related Identifiers

Affected Products

References · 6