Vulnerability Details CVE-2014-8397
Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.079
EPSS Ranking 91.6%
CVSS Severity
CVSS v2 Score 4.6
References
- http://seclists.org/fulldisclosure/2015/Jan/33
- http://www.coresecurity.com/advisories/corel-software-dll-hijacking
- http://www.securityfocus.com/archive/1/534452/100/0/threaded
- http://www.securityfocus.com/bid/72009
- http://seclists.org/fulldisclosure/2015/Jan/33
- http://www.coresecurity.com/advisories/corel-software-dll-hijacking
- http://www.securityfocus.com/archive/1/534452/100/0/threaded
- http://www.securityfocus.com/bid/72009
Products affected by CVE-2014-8397
-
cpe:2.3:a:corel:fastflick:-
-
cpe:2.3:a:corel:videostudio_pro:x7