Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a…
GitHub_M·CWE-22·Published 2023-12-22
Deepin Linux's default document reader, `deepin-reader`, suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like `.bash_rc`, `.bash_login`, etc. RCE is triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 9.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H |
| 3.1 | Primary | NVD | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 9.3 | 2.8 | 5.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H |