
Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC

High
Advisory ID
ZSL-2010-4946
Release Date
12 July 2010
Vendor
Corel Corporation - http://www.corel.com
Affected Version
15.0.0.357 (Standard Edition)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

Strengthen your visual impact. Create compelling slideshows, proposals, demonstrations and interactive reports. Easily edit pictures, create charts and diagrams, and share content with others. Open, edit and save Microsoft® PowerPoint® files, including the latest OOXML (.pptx) files.

Description

Corel Presentations is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input in a .SHW (Presentations Slide Show) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Proof of Concept
Disclosure Timeline
12.07.2010 - Vulnerability discovered.
09.07.2010 - Initial contact with the vendor.
12.07.2010 - No reply from vendor.
12.07.2010 - Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
12.07.2010 - Initial release
13.07.2010 - Added reference [2] and [3]
12.08.2010 - Added reference [4] and [5]