Corel vulnerabilities could allow hackers in via DLL hijacking

Many of Corel’s photo, video and media editing programs contain DLL hijacking vulnerabilities, a security researcher has discovered.

The bug was uncovered by security researcher Marcos Accossatto, who publicized the issue after Corel did not reply to his private disclosures, according to The Register.

He discovered that opening a file associated with one of the affected Corel products would also load a specifically named DLL file into the system’s memory, if the DLL is located in the same directory as the open file. From there, DLL files – which contain executable code – could be used to install malware on the computer.

This could be exploited in a company environment by an attacker dropping an infected DLL onto a file sharing server alongside legitimate Corel files, infecting any workstations that open them.

PC World lists the products susceptible to DLL hijacking as CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, CorelCAD 2014, Corel Painter 2015, Corel PDF Fusion, Corel VideoStudio PRO X7 and Corel FastFlick, but The Register notes that some other Corel products were untested. Different products are vulnerable to differently named DLL files, according to Accossatto.

In an email statement to Computer World, Corel’s senior communications manager said: “Corel is reviewing its products on a case-by-case basis to safeguard dynamic loading of DLL files, which is a common vulnerability in many Windows applications. Corel makes frequent updates to our applications and these changes have been made a priority for the next update of any affected Corel product. We would like to assure our users that we are not aware of any exploits of this issue with our software.”

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.