|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
The specific flaw exists within the conversion from documents formatted for Microsoft Word. By providing a malformed file, an attacker can cause memory to be written past the end of a heap buffer. An attacker could leverage this vulnerability to execute arbitrary code under the context of the current user.
07/28/2015 - ZDI Coordinator sat in a vendor chat help window waiting for assistance without response
Given the stated purpose of Corel WordPerfect, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.
|CREDIT||Dave Weinstein - HP Zero Day Initiative