CVE-2021-38110 in WordPerfect

Summary

by MITRE • 10/02/2021

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file.


Analysis

by VulDB Data Team • 10/08/2021

The vulnerability identified as CVE-2021-38110 represents a critical out-of-bounds write flaw within the Word97Import200.dll component of Corel WordPerfect 2020 version 20.0.0.200. This issue falls under the Common Weakness Enumeration category CWE-787, which specifically addresses out-of-bounds write conditions that occur when a program writes data past the end of a buffer. The vulnerability exists in the document parsing functionality that processes Word 97 format files, indicating that the software fails to properly validate input boundaries when handling crafted malicious documents. The flaw manifests during the import process of legacy Word format files, making it particularly dangerous as it can be triggered through normal document processing activities.

The technical exploitation of this vulnerability requires an attacker to craft a malicious .doc file that, when opened by an unsuspecting user, triggers the out-of-bounds write condition. This type of vulnerability is classified as a remote code execution threat within the MITRE ATT&CK framework under the technique T1203, which encompasses exploitation of remote services and applications. The vulnerability is particularly concerning because it operates with the privileges of the currently logged-in user, meaning successful exploitation could result in full system compromise without requiring administrative privileges. The attack vector is user-initiated, making social engineering aspects of the attack more critical as users must be convinced to open the malicious document.

The operational impact of this vulnerability extends beyond simple code execution as it represents a significant threat to enterprise security environments where document processing is common. WordPerfect's widespread use in business and government sectors means that successful exploitation could lead to data breaches, system compromise, and lateral movement within networks. The vulnerability's requirement for user interaction creates a realistic attack scenario that security teams must consider in their threat modeling exercises. Organizations utilizing Corel WordPerfect 2020 are particularly at risk as the flaw exists in a commonly used productivity application that processes numerous document formats. The out-of-bounds write condition could potentially be leveraged to overwrite critical memory locations, leading to unpredictable behavior or complete system compromise.

Mitigation strategies for CVE-2021-38110 should include immediate patching of the affected software version, as Corel has released updates to address this vulnerability. Security administrators should implement strict document filtering policies that prevent the automatic opening of potentially malicious files, particularly those with .doc extensions from untrusted sources. Network-based intrusion detection systems should be configured to monitor for suspicious file access patterns that might indicate exploitation attempts. Additionally, user education programs should emphasize the importance of not opening unexpected document attachments and verifying document sources before processing. The vulnerability demonstrates the importance of maintaining current security patches and implementing defense-in-depth strategies that include multiple layers of protection against document-based attacks. Organizations should also consider implementing application whitelisting policies that restrict the execution of untrusted document processing applications.

Reservation: 08/04/2021
Disclosure: 10/02/2021
Moderation: accepted
CPE: ready
EPSS: 0.02076
KEV: no
Activities: very low
