CVE-2013-3248

Corel PDF Fusion <1.11 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3248. PoCs published by Metasploit, Kaveh Ghaemmaghami, juan vazquez, including Metasploit module exploits/windows/fileformat/corelpdf_fusion_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Corel PDF Fusion 1.11 by crafting a malicious XPS file with an overly long entry name, leading to arbitrary code execution when opened by the victim.

Description

Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/26805

This Metasploit module exploits a stack-based buffer overflow in Corel PDF Fusion 1.11 by crafting a malicious XPS file with an overly long entry name, leading to arbitrary code execution when opened by the victim.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Corel PDF Fusion 1.11
No auth needed
Prerequisites: Victim must open the malicious XPS file with Corel PDF Fusion 1.11
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Kaveh Ghaemmaghami, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Corel PDF Fusion 1.11 by crafting a malicious XPS file with an overly long entry name, leading to arbitrary code execution when opened by the target user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Corel PDF Fusion 1.11
No auth needed
Prerequisites: Target user must open the malicious XPS file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52707
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/94934

Scores

EPSS 0.1856
EPSS Percentile 96.9%

Details

Status published
Products (1)
corel/pdf_fusion 1.11
Published Oct 03, 2013
Tracked Since Feb 18, 2026