Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.