![]() For example, wintab32.dll will work for CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015 and Corel PDF Fusion, according to the Core researchers. The specific name that the rogue DLL needs to have varies depending on the targeted Corel program. ![]() ![]() In a corporate environment an attacker with access to a file sharing server could place the rogue DLL file alongside legitimate Corel files on an existing network share to infect workstations that use those files. When the user opened the legitimate Corel file, the DLL would run as well. In order to exploit these client-side vulnerabilities, an attacker could, for example, send a ZIP archive to a Corel user containing a media file associated with vulnerable Corel software and a specifically named malicious DLL. Other versions might be affected too, but they haven't been checked, they said. The vulnerable products are CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, CorelCAD 2014, Corel Painter 2015, Corel PDF Fusion, Corel VideoStudio PRO X7 and Corel FastFlick, the Core Security researchers said in an advisory published Monday. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |