CVE-2023-50254

CVSS V2 None CVSS V3 None
Description
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
Overview
  • CVE ID
  • CVE-2023-50254
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-12-22T16:49:48.977Z
  • Last Modified Date
  • 2023-12-22T16:49:48.977Z
History
Created Old Value New Value Data Type Notes
2024-06-25 18:12:32 Added to TrackCVE