Vulnerabilities > CVE-2012-4728 - NULL Pointer Dereference Denial of Service vulnerability in Corel Quattro PRO X6 16.0.0.388
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL network
corel
Summary
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/120713/corelquattropro-dereference.txt |
| id | PACKETSTORM:120713 |
| last seen | 2016-12-05 |
| published | 2013-03-08 |
| reporter | High-Tech Bridge SA |
| source | https://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html |
| title | Corel Quattro Pro X6 Standard Edition NULL Pointer Dereference |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-03/0048.html
- http://osvdb.org/91039
- http://osvdb.org/91040
- http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html
- http://www.securityfocus.com/bid/58386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82707
- https://www.htbridge.com/advisory/HTB23112