Corel software vulnerabilities let attackers execute malicious code on your PC

PC World

Several photo, video and other media editing programs from software maker Corel contain DLL hijacking vulnerabilities that could allow attackers to execute malicious code on users’ computers.

According to vulnerability research firm Core Security, when opening a media file associated with one of the vulnerable Corel products, the product will also load a specifically named DLL (Dynamic Link Library) file into memory if it’s located in the same directory as the opened media file.

DLL files contain executable code so they can be used to install malware on computers.

The vulnerable products are CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, CorelCAD 2014, Corel Painter 2015, Corel PDF Fusion, Corel VideoStudio PRO X7 and Corel FastFlick, the Core Security researchers said in an advisory published Monday. Other versions might be affected too, but they haven’t been checked, they said.

view PC World