Deepin Linux's deepin-reader Software Vulnerable to Remote Command Execution
CVE-2023-50254
Key Information:
- Vendor: linuxdeepin
- CVE Published: 22 December 2023
What is CVE-2023-50254?
The Deepin Linux document reader, deepin-reader, has a remote command execution vulnerability stemming from a design flaw. An attacker can execute commands on a victim's system by using a specially crafted .docx document, potentially overwriting critical files such as .bash_rc and .bash_login. Exploitation occurs when the affected user opens the terminal application. Users are advised to upgrade to version 6.0.7, which includes patches addressing this issue.
Affected Version(s)
developer-center < 6.0.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles

CVE-2023-50254 Archives
Vulnerability, December 23, 2023: CVE-2023-50254 – Deepin-Reader Flaw: A Shortcut to Remote Command Execution
Deepin Linux, renowned for its beauty and simplicity, is a hallmark of open-source technology....
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
- 📰 First article discovered by Penetration Testing
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved