SAINT Corporation | SAINT:0204E45EC5A7227C71F3D0483CC9F5F6
Aug 08, 2013 - 12:00 a.m.

Corel PDF Fusion XPS File ZIP Directory Vulnerability

2013-08-08 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.005
Percentile: 77.6%

Added: 08/08/2013
CVE: CVE-2013-3248
BID: 61010
OSVDB: 94933

Background

Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comments, and also supports multiple file output formats.

Problem

Corel PDF Fusion versions 1.11 and earlier are vulnerable to a buffer overflow because the application does not properly validate user-supplied input when parsing names in the ZIP directory entries of an XPS file. An attacker who persuades a user to open a specially crafted XPS file in a vulnerable version of Corel PDF Fusion could execute arbitrary code in the context of the affected user.
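A triage check for the condition described above, as an added example that is not SAINT's or Corel's code: it walks the ZIP central directory of an XPS file and reports entries whose names are unusually long. The 260-byte threshold, the function names and the sample archive are assumptions made for illustration; the advisory does not state the length at which the overflow occurs.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
MAX_NAME = 260             # assumed threshold (Windows MAX_PATH), not from the advisory


def central_directory_names(data):
    """Yield the raw entry names stored in the ZIP central directory of `data`."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    count, _size, offset = struct.unpack_from("<HII", data, eocd + 10)
    pos = offset
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG or pos + 46 > len(data):
            raise ValueError("corrupt central directory at offset %d" % pos)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len]
        if len(name) != name_len:
            raise ValueError("entry name runs past end of file")
        yield name
        pos += 46 + name_len + extra_len + comment_len


def suspicious_entries(data, max_name=MAX_NAME):
    """Return (length, name prefix) for each entry whose name exceeds max_name bytes."""
    return [(len(n), n[:32]) for n in central_directory_names(data) if len(n) > max_name]


def build_sample(names):
    """Constructed input: an in-memory ZIP (the XPS container format) with these names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["[Content_Types].xml", "A" * 1000 + ".fpage"])
    for length, prefix in suspicious_entries(sample):
        print("long entry name: %d bytes, starts with %r" % (length, prefix))
```

A hit is a reason to quarantine the file for inspection, not proof of malice; a mail or web gateway can run the same check on `.xps` and `.oxps` attachments before they reach a desktop.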

Resolution

Contact the vendor for an update when it becomes available.

References

<http://secunia.com/advisories/52707/>

Limitations

This exploit has been tested against Corel PDF Fusion 1.11 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows
