CVE-2021-38110

Name of the Vulnerable Software and Affected Versions Corel WordPerfect version 20.0.0.200

Description The issue is related to an Out-of-bounds Write vulnerability in the Word97Import200.dll library when parsing a crafted file. This could allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user by exploiting this vulnerability with a specially formed DOC file. Exploitation requires user interaction, where a victim must open a malicious DOC file.

Recommendations For Corel WordPerfect version 20.0.0.200, consider avoiding the use of the Word97Import200.dll library until a patch is available. As a temporary workaround, refrain from opening DOC files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.