Lucene search

MitreCVE-2010-5240

HistorySep 07, 2012 - 10:32 a.m.

CVE-2010-5240

2012-09-0710:32:21

mitre

web.nvd.nist.gov

cve-2010-5240

corel

photo-paint

coreldraw

15.1.0.588

untrusted search path

vulnerabilities

local users

gain privileges

dwmapi.dll

crlrib.dll

trojan horse

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.958

Percentile

99.5%

JSON

Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

corelcoreldraw_x5Match15.1.0.588

corelphoto-paint_x3Match13.0.0.576

VendorProductVersionCPE
corelcoreldraw_x515.1.0.588cpe:2.3:a:corel:coreldraw_x5:15.1.0.588:*:*:*:*:*:*:*
corelphoto-paint_x313.0.0.576cpe:2.3:a:corel:photo-paint_x3:13.0.0.576:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
corel	coreldraw_x5	15.1.0.588	cpe:2.3:a:corel:coreldraw_x5:15.1.0.588:::::::*
corel	photo-paint_x3	13.0.0.576	cpe:2.3:a:corel:photo-paint_x3:13.0.0.576:::::::*

References

secunia.com/advisories/41148

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.958

Percentile

99.5%

JSON

Related for CVE-2010-5240