Corel Software DLL Hijacking Vulnerability Allows Hackers to Execute Malicious Code
Security researchers have disclosed local zero day DLL hijacking vulnerabilities in several applications developed by Corel Software that could allow an attacker to execute arbitrary commands on victims' computer, potentially affecting more than 100 million users.

The security holes were publicly disclosed by Marcos Accossatto from a vulnerability research firm Core Security after the vendor didn't respond to his private disclosure about the flaws.

Corel develops wide range of products including graphics, photo, video and other media editing programs. According to the researcher, when a media file associated with one of the vulnerable Corel products is opened, the product also loads a specifically named DLL (Dynamic Link Library) file into memory if it's located in the same directory as the opened media file.

These DLL files contain executable code which could allow an attacker to install malware on victims' computers by inserting malicious DLLs into the same directory as the document.
"Given that this is a client-side vulnerability, affected users should avoid opening untrusted files whose extensions are associated with Corel software and contain any of the [affected] DLL files," Accossatto said in an advisory.
"When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document."
At least eight Corel products are all affected by the vulnerabilities including:
  • CorelDRAW X7
  • Corel Photo-Paint X7
  • Corel PaintShop Pro X7
  • CorelCAD 2014
  • Corel Painter 2015
  • Corel PDF Fusion
  • Corel VideoStudio PRO X7
  • Corel FastFlick
Corel was warned of the vulnerabilities in its products on December 9, 2014, followed by another email on December 17, 2014 with a request to confirm receiving the previous message. But there was no response from the vendor. The Core team then contacted the company again via Twitter on January 2, but again received no response, hence disclosed it publicly.

There are no patches available for the vulnerabilities yet.
"Corel is reviewing its products on a case-by-case basis to safeguard dynamic loading of DLL files, which is a common vulnerability in many Windows applications," said Jessica Gould, senior communications manager for Corel, in a statement Tuesday.
"Corel makes frequent updates to our applications and these changes have been made a priority for the next update of any affected Corel product. We would like to assure our users that we are not aware of any exploits of this issue with our software."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.