CVE-2013-3248

Corel PDF Fusion <1.11 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/26805

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Kaveh Ghaemmaghami, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/52707

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/94934

Scores

EPSS 0.5953

EPSS Percentile 98.3%

Details

Status published

Products (1)

corel/pdf_fusion 1.11

Published Oct 03, 2013

Tracked Since Feb 18, 2026