CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
77.6%
Added: 08/08/2013
CVE: CVE-2013-3248
BID: 61010
OSVDB: 94933
Corel PDF Fusion is a software application used to assemble, edit and create PDFs from more than 100 different file types by dragging and dropping them onto the Welcome Screen. It allows adding new text, bookmarks and comments, and also supports multiple file output formats.
Corel PDF Fusion version 1.11 and earlier is vulnerable to a buffer overflow condition as a result of not properly validating user-supplied input when parsing names in ZIP directory entries of an XPS file. An attacker who persuades a user to open a specially crafted XPS file in a vulnerable version of Corel PDF Fusion could execute arbitrary code in the context of the affected user.
Contact the vendor for an update when it becomes available.
<http://secunia.com/advisories/52707/>
This exploit has been tested against Corel PDF Fusion 1.11 on Windows XP SP3 English (DEP OptIn).
Windows