GitHub_MCVE-2023-50254CVE-2023-50254
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
EPSS
Percentile
76.5%
Deepin Linux’s default document reader deepin-reader software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| deepin | deepin_reader | * | cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "linuxdeepin",
"product": "developer-center",
"versions": [
{
"version": "< 6.0.7",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
EPSS
Percentile
76.5%