Vulnerabilities > CVE-2010-5240 - Unspecified vulnerability in Corel Coreldraw X5 and Photo-Paint X3

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
corel
exploit available

Summary

Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Vulnerable Configurations

Part Description Count
Application
Corel
2

Exploit-Db

  • descriptionCorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll). CVE-2010-5240,CVE-2014-8393. Local exploit for windows platform
    idEDB-ID:14786
    last seen2016-02-01
    modified2010-08-25
    published2010-08-25
    reporterLiquidWorm
    sourcehttps://www.exploit-db.com/download/14786/
    titleCorelDRAW X3 13.0.0.576 - DLL Hijacking Exploit crlrib.dll
  • descriptionCorel PHOTO-PAINT X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll). CVE-2010-5240,CVE-2014-8393. Local exploit for windows platform
    idEDB-ID:14787
    last seen2016-02-01
    modified2010-08-25
    published2010-08-25
    reporterLiquidWorm
    sourcehttps://www.exploit-db.com/download/14787/
    titleCorel PHOTO-PAINT X3 13.0.0.576 - DLL Hijacking Exploit crlrib.dll