Vulnerabilities > CVE-2010-5240 - Unspecified vulnerability in Corel Coreldraw X5 and Photo-Paint X3

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
corel
exploit available
NVD
Published: 2012-09-07
Updated: 2012-09-07

Summary

Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Vulnerable Configurations

Part Description Count
Application
Corel
2

Exploit-Db

  • descriptionCorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll). CVE-2010-5240,CVE-2014-8393. Local exploit for windows platform
    idEDB-ID:14786
    last seen2016-02-01
    modified2010-08-25
    published2010-08-25
    reporterLiquidWorm
    sourcehttps://www.exploit-db.com/download/14786/
    titleCorelDRAW X3 13.0.0.576 - DLL Hijacking Exploit crlrib.dll
  • descriptionCorel PHOTO-PAINT X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll). CVE-2010-5240,CVE-2014-8393. Local exploit for windows platform
    idEDB-ID:14787
    last seen2016-02-01
    modified2010-08-25
    published2010-08-25
    reporterLiquidWorm
    sourcehttps://www.exploit-db.com/download/14787/
    titleCorel PHOTO-PAINT X3 13.0.0.576 - DLL Hijacking Exploit crlrib.dll

References