CVE-2023-50254

Deepin Reader RCE vulnerability due to a design flaw

CVSS 9.3 CRITICALEPSS 2.1%CWE-22 CWE-27

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H

Affected products

linuxdeepin · developer-center

public PoCs found — 1

githubgithub.com/febinrev/deepin-linux_reader_RCE-exploit★ 16

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04 https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6 https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495