WordPerfect Office X6 – Standard Edition, Corel.com
High-Tech Bridge Security Research Lab discovered an untrusted pointer dereference vulnerability in Corel WordPerfect. Opening of a malicious WPD (WordPerfect Document) causes immediate application crash, resulting in a loss of all unsaved current application data of the user.
The very beginning of the crash occurs within the WPWIN16.DLL module in the STARTAPP function when the application attempts to call the STRNICMP procedure in the MSVCR80 module.
In order to exploit the vulnerability remotely the attacker has to send a malicious file to the victim by email. In a web-based scenario, the attacker can host a malicious file on a website or WebDav share and trick the victim to download and open the file.
WPD-file provided by researcher as a Proof of Concept (PoC) example.
No comments:
Post a Comment