CVE-2014-8393
high
CVSS v3
7.8
CVSS v2
4.6
VIR risk
7.8
Description
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| corel | coreldraw | x7 | |
| corel | coreldraw_photo_paint | x7 | |
| corel | paint_shop_pro | x7 | |
| corel | painter | 2015 | |
| corel | pdf_fusion | - | |
References
- http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2015/Jan/33
- http://secunia.com/advisories/62210
- http://www.coresecurity.com/advisories/corel-software-dll-hijacking
- http://www.securityfocus.com/archive/1/534452/100/0/threaded
- http://www.securityfocus.com/bid/72005
- http://www.securitytracker.com/id/1031522
- http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2015/Jan/33
- http://secunia.com/advisories/62210
- http://www.coresecurity.com/advisories/corel-software-dll-hijacking
- http://www.securityfocus.com/archive/1/534452/100/0/threaded
- http://www.securityfocus.com/bid/72005
- http://www.securitytracker.com/id/1031522
CWEs
CWE-427
Verify integrity in audit chain (admin only). AS-IS.