Corel PHOTO-PAINT X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit

Title: Corel PHOTO-PAINT X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2010-4954
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 26.08.2010
Summary
Graphic design software for striking visual communication.
Description
Corel PHOTO-PAINT X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .cpt thru crlrib.dll library.
Vendor
Corel Corporation - http://www.corel.com
Affected Version
X3 v13.0.0.576
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
N/A
PoC
corelpp_dll.c
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/14787
[2] http://www.packetstormsecurity.org/filedesc/corelpp_dll.txt.html
[3] http://securityreason.com/exploitalert/8770
[4] http://secunia.com/advisories/41148/
[5] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[6] http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[7] http://www.securityfocus.com/bid/42753
[8] http://osvdb.org/show/osvdb/67582
Changelog
[26.08.2010] - Initial release
[27.08.2010] - Added reference [1], [2], [3], [4], [5] and [6]
[13.11.2010] - Added reference [7] and [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk