Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
Title: Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
Advisory ID: ZSL-2010-4945
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.07.2010
[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.
[2] http://securityreason.com/exploitalert/8397
[3] http://packetstormsecurity.org/filedesc/corelwpoxs-overflow.txt.html
[4] http://xforce.iss.net/xforce/xfdb/60280
[5] http://www.net-security.org/vuln.php?id=13577
[6] http://www.securityfocus.com/bid/41553
[13.07.2010] - Added reference [2] and [3]
[15.07.2010] - Added reference [4]
[12.08.2010] - Added reference [5] and [6]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2010-4945
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.07.2010
Summary
Corel® WordPerfect® Office X5 – Standard Edition is the essential office suite for word processing, spreadsheets, presentations and email. Chosen over Microsoft® Office by millions of longtime users, it integrates the latest productivity software with the best of the Web. Work faster and collaborate more efficiently with all-new Web services, new Microsoft® Office SharePoint® support, more PDF tools and even better compatibility with Microsoft Office. It's everything you expect in an office suite—for less.Description
Corel WordPerfect is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user supplied input with .WPD (WordPerfect Document) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.Vendor
Corel Corporation - http://www.corel.comAffected Version
15.0.0.357 (Standard Edition)Tested On
Microsoft Windows XP Professional SP3 (English)Vendor Status
[09.07.2010] Vulnerability discovered.[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.
PoC
corel_word.cCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://www.exploit-db.com/exploits/14344/[2] http://securityreason.com/exploitalert/8397
[3] http://packetstormsecurity.org/filedesc/corelwpoxs-overflow.txt.html
[4] http://xforce.iss.net/xforce/xfdb/60280
[5] http://www.net-security.org/vuln.php?id=13577
[6] http://www.securityfocus.com/bid/41553
Changelog
[12.07.2010] - Initial release[13.07.2010] - Added reference [2] and [3]
[15.07.2010] - Added reference [4]
[12.08.2010] - Added reference [5] and [6]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk