CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability

Title: CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability
Advisory ID: ZSL-2014-5204
Type: Local/Remote
Impact: System Access, DoS
Risk: (3/5)
Release Date: 12.11.2014
Summary
CorelDRAW is one of the image-creating programs in a suite of graphic arts software used by professional artists, educators, students, businesses and the general public. The CorelDRAW Graphics Suite X7, which includes CorelDRAW, is sold as stand-alone software and as a cloud-based subscription. CorelDRAW is the core of the graphics suite and is primarily used for vector illustrations and page layouts.
Description
CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions.
Vendor
Corel Corporation - http://www.corel.com
Affected Version
17.1.0.572 (X7) - 32bit/64bit (EN)
15.0.0.486 (X5) - 32bit (EN)
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Vendor Status
N/A
PoC
coreldraw_obo.txt
zsl_5204.rar
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2014110072
[2] http://en.hackdig.com/?8986.htm
[3] http://www.exploit-db.com/exploits/35217/
[4] http://osvdb.org/show/osvdb/114558
[5] http://packetstormsecurity.com/files/129085
[6] http://xforce.iss.net/xforce/xfdb/98641
[7] http://www.securityfocus.com/bid/71064
Changelog
[12.11.2014] - Initial release
[13.11.2014] - Added reference [6] and [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk