← Advisories

Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC

High
Advisory ID
ZSL-2010-4945
Release Date
12 July 2010
Vendor
Corel Corporation - http://www.corel.com
Affected Version
15.0.0.357 (Standard Edition)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

Corel® WordPerfect® Office X5 – Standard Edition is the essential office suite for word processing, spreadsheets, presentations and email. Chosen over Microsoft® Office by millions of longtime users, it integrates the latest productivity software with the best of the Web. Work faster and collaborate more efficiently with all-new Web services, new Microsoft® Office SharePoint® support, more PDF tools and even better compatibility with Microsoft Office. It's everything you expect in an office suite—for less.

Description

Corel WordPerfect is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user supplied input with .WPD (WordPerfect Document) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Proof of Concept
corel_word.cTXT
Disclosure Timeline
09.07.2010Vulnerability discovered.
09.07.2010Initial contact with the vendor.
12.07.2010No reply from vendor.
12.07.2010Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/14344/
[2]http://securityreason.com/exploitalert/8397
[3]http://packetstormsecurity.org/filedesc/corelwpoxs-overflow.txt.html
[4]http://xforce.iss.net/xforce/xfdb/60280
[5]http://www.net-security.org/vuln.php?id=13577
[6]http://www.securityfocus.com/bid/41553
Changelog
12.07.2010Initial release
13.07.2010Added reference [2] and [3]
15.07.2010Added reference [4]
12.08.2010Added reference [5] and [6]