COSIG-2016-11

#####################################################################################

# Application: Corel WordPerfect Presentation x7
# Platforms: Windows
# Versions: 17.0.0.314
# Author: Francis Provencher of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @COSIG_
# Date: February 12, 2016
# COSIG-2016-11

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

WordPerfect is a word processing application owned by Corel with a long history on multiple personal computer platforms.

(https://en.wikipedia.org/wiki/WordPerfect)

#####################################################################################

============================
2) Report Timeline
============================

2016-01-11: Francis Provencher of COSIG reported the issue to Corel;
2016-01-12: Corel acknowledged the vulnerability;
2016-01-14: Corel released a patch;
2016-02-12: COSIG published this advisory.

#####################################################################################

============================
3) Technical details
============================

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WordPerfect Presentation x7.
User interaction is required to exploit this vulnerability, in that the target must open a malicious file.
By providing a malformed XLS file, an attacker can cause a heap memory corruption. An attacker could leverage this to execute
arbitrary code under the context of the application.

#####################################################################################

===========
4) POC
===========

COSIG-2016-11

#####################################################################################