Vulnerabilities > CVE-2013-3248 - Stack Based Buffer Overflow vulnerability in Corel PDF Fusion 1.11

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

corel

critical

exploit available

metasploit

NVD

Published: 2013-10-03

Updated: 2013-10-04

Summary

Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Corel Corel PDF Fusion 1.11	1

Exploit-Db

description	Corel PDF Fusion Stack Buffer Overflow. CVE-2013-0742,CVE-2013-3248. Local exploit for windows platform
file	exploits/windows/local/26805.rb
id	EDB-ID:26805
last seen	2016-02-03
modified	2013-07-13
platform	windows
port
published	2013-07-13
reporter	metasploit
source	https://www.exploit-db.com/download/26805/
title	Corel PDF Fusion Stack Buffer Overflow
type	local

Metasploit

description	This module exploits a stack-based buffer overflow vulnerability in version 1.11 of Corel PDF Fusion. The vulnerability exists while handling a XPS file with long entry names. In order for the payload to be executed, an attacker must convince the target user to open a specially crafted XPS file with Corel PDF Fusion. By doing so, the attacker can execute arbitrary code as the target user.
id	MSF:EXPLOIT/WINDOWS/FILEFORMAT/CORELPDF_FUSION_BOF
last seen	2020-06-03
modified	2017-07-24
published	2013-07-11
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3248 http://secunia.com/advisories/52707/
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb
title	Corel PDF Fusion Stack Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/122382/corelpdf_fusion_bof.rb.txt
id	PACKETSTORM:122382
last seen	2016-12-05
published	2013-07-12
reporter	juan vazquez
source	https://packetstormsecurity.com/files/122382/Corel-PDF-Fusion-Stack-Buffer-Overflow.html
title	Corel PDF Fusion Stack Buffer Overflow

Saint

bid	61010
description	Corel PDF Fusion XPS File ZIP Directory Vulnerability
osvdb	94933
title	corel_pdf_fusion_xps_file_zip_dir
type	client

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

Saint

References