Researchers from Core Security have uncovered a vulnerability in a DLL used by several Corel applications. Researchers revealed the vulnerability after they repeatedly tried to communicate with Correl who did not respond. So there are no updates available about vulnerabilities that can allow remote code execution.
Η Corel is a well-known software company for graphics, design and video applications. Its applications are the well-known ones: CorelDRAW, Photo-Paint, and Core's security researchers discovered that many of them contain a archive DLL that contains the vulnerability.
"When a Corel file is opened, the file's directory is used to locate DLL files, which could allow an attacker to execute arbitrary commands by inserting a malicious DLL, in the same directory as the file,” the researchers report.
Affected Corel applications are: CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, Corel CAD 2014, Corel VideoStudio PRO X7, Corel PDF Fusion, and Corel FastFlick. The DLL that the applications are looking for is called “wintab32.dll” and no controln the storage path. This allows a malicious DLL with the same name to be copied to the relevant folder and executed within the application context.
Core Security researchers contacted Corel about the vulnerabilities, on December 9, and received no response. They tried again, on December 17, and again received no answer. They made a third attempt to contact Corel via Twitter, without success, and so released the vulnerability today.