CVE-2021-38096

7.8 HIGH

📋 TL;DR

CVE-2021-38096 is an out-of-bounds write vulnerability in Corel PDF Fusion's coreip.dll that allows arbitrary code execution when parsing malicious PDF files. Users of Corel PDF Fusion 2.6.2.0 are affected. Exploitation requires user interaction through opening a crafted PDF file.

💻 Affected Systems

Products:
  • Corel PDF Fusion
Versions: 2.6.2.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Corel PDF Fusion specifically; other Corel products may have similar vulnerabilities but this CVE is specific to PDF Fusion.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine in the context of the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration through spear-phishing campaigns targeting users who open malicious PDF attachments.

🟢 If Mitigated

No impact if users avoid opening untrusted PDF files or if the software is patched/disabled.

🌐 Internet-Facing: LOW - Exploitation requires local file access and user interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Risk exists within organizations where users might open malicious PDFs from internal sources like email attachments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file) but no authentication. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Corel for updated version

Vendor Advisory: https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-vulnerabilities-across-multiple-corel-products

Restart Required: Yes

Instructions:

1. Check the Corel website for security updates.
2. Download and install the latest version of Corel PDF Fusion.
3. Restart the system after installation.

🔧 Temporary Workarounds

Disable PDF Fusion file association (Windows)

Prevent PDF files from automatically opening with Corel PDF Fusion:

Control Panel > Default Programs > Set Default Programs > Choose another program for PDF files

Use alternative PDF viewer (Windows)

Configure the system to use a different, patched PDF viewer as the default.

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check installed version of Corel PDF Fusion in Control Panel > Programs and Features

Check Version:

wmic product where name="Corel PDF Fusion" get version

Verify Fix Applied:

Verify version is updated beyond 2.6.2.0 and check Corel security advisories
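
The version check above can also be done from the uninstall registry keys, which covers 32-bit and per-user installs in one pass. This PowerShell script is an added example, not from Corel or the original page; the display-name pattern `Corel PDF Fusion*` is an assumption based on the product name used above, and the function name is hypothetical.

```powershell
# Added example: inventory check for Corel PDF Fusion 2.6.2.0 (CVE-2021-38096).
# Assumption: the installer registers a DisplayName starting with "Corel PDF Fusion".
$AffectedVersion = [version]'2.6.2.0'
$NamePattern     = 'Corel PDF Fusion*'

# Machine-wide (64-bit and 32-bit views) and per-user uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PdfFusionStatus {
    param([string[]]$Path = $UninstallKeys, [string]$Pattern = $NamePattern)

    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like $Pattern } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion can be missing or non-numeric; report that as unknown, not as fixed.
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            $status = if (-not $ok) { 'Unknown version' }
                      elseif ($parsed -gt $AffectedVersion) { 'Beyond 2.6.2.0' }
                      else { 'Not beyond 2.6.2.0' }
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = $status
                Key     = $_.PSPath
            }
        }
}

$results = @(Get-PdfFusionStatus)
if ($results.Count -eq 0) {
    Write-Output 'Corel PDF Fusion not found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```

A status of "Not beyond 2.6.2.0" or "Unknown version" means the fix cannot be confirmed from the registry alone and the install should be checked against Corel's advisories.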

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Corel PDF Fusion
  • Unexpected process creation from PDF Fusion

Network Indicators:

  • Outbound connections from PDF Fusion process to suspicious domains

SIEM Query:

Process creation where parent_process contains "PDFFusion" OR file_access where file_extension="pdf" AND process_name contains "PDFFusion"
