1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Corel PDF Fusion CVE-2013-3248

Web Attack: Corel PDF Fusion CVE-2013-3248

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a buffer overflow vulnerability in Corel PDF Fusion which could result in remote code execution.

Additional Information

Corel PDF Fusion is an application used to create PDF files.

The application is prone to multiple vulnerabilities that let attackers execute arbitrary code.

1. An arbitrary code-execution vulnerability occurs because the application loads the 'wintab32.dll' dynamic link library files in an insecure manner. This issue can be exploited to load arbitrary libraries by tricking a user into opening the '.pdf' or '.xps' file types.

Attackers can exploit this issue remotely by placing the files in a remotely accessible SMB or WebDAV share location.

2. A stack-based buffer-overflow vulnerability occurs because it fails to properly bounds-check user-supplied data when parsing 'names' in ZIP directory entries of a 'XPS' file. Attackers can exploit this issue by tricking a user into opening a specially crafted .xps' file.

Successful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application.


  • Corel PDF Fusion 1.11 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube