Vulnerabilities > CVE-2013-0733 - DLL Loading Arbitrary Code Execution vulnerability in Corel PaintShop Pro X5 and X6 'dwmapi.dll'

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

corel

critical

NVD

Published: 2014-06-05

Updated: 2019-07-18

Summary

Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"

Vulnerable Configurations

Part	Description	Count
Application	Corel Corel Paintshop PRO X5 15.2.0.2 Corel Paintshop PRO X6 15.2.0.2 Corel Paintshop PRO X6 16.0.0.113	3

References

http://osvdb.org/98163
http://secunia.com/advisories/53618
http://www.securityfocus.com/bid/62836
https://exchange.xforce.ibmcloud.com/vulnerabilities/87763