Deepin Linux’s default document Viewer deepin-reader RCE CVE-2023-50254 Exploit

vBash by Prapattimynk

CVE-2023-50254: PoC exploit for a deepin-reader RCE that affects unpatched Deepin Linux desktops. Deepin Linux’s default document reader, “deepin-reader”, suffers from a serious vulnerability caused by a design flaw that leads to Remote Command Execution via a crafted docx document.

Details

Deepin-reader is the default document reader for the Deepin Linux operating system. It runs several shell commands while handling the docx document format:

  1. When opening a docx document, deepin-reader creates a temporary directory under /tmp and places the docx document in that directory.
  2. deepin-reader then calls the “unzip” shell command to extract the docx file.
  3. After the extraction, deepin-reader calls the “pandoc” command to convert the docx file to an HTML file named “temp.html” under the word/ directory (created when the docx file is extracted with unzip). The command looks something like this: “pandoc temp.docx -o word/temp.html”
  4. deepin-reader then tries to convert that HTML file to PDF and opens the PDF.
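
A pre-flight check for the extract-then-convert flow above, as an added example (not code from deepin-reader or from the PoC): it inspects a docx archive without extracting it and reports entries that escape the extraction directory, are not regular files or directories, or already occupy the fixed pandoc output path word/temp.html. The names `audit_docx` and `build_sample` and both sample archives are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

CONVERTER_OUTPUT = "word/temp.html"  # fixed pandoc output path from step 3


def audit_docx(data, output_path=CONVERTER_OUTPUT):
    """Return findings that make an archive unsafe to extract and convert in place."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name)
            # Upper 16 bits carry the Unix mode when the archiver recorded one.
            ftype = stat.S_IFMT(info.external_attr >> 16)
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                findings.append("escapes extraction dir: " + name)
            if ftype not in (0, stat.S_IFREG, stat.S_IFDIR):
                findings.append("not a regular file or directory: " + name)
            if norm == output_path:
                findings.append("occupies converter output path: " + name)
    return findings


def build_sample(entries):
    """Build a constructed in-memory archive from (name, mode, payload) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, payload in entries:
            info = zipfile.ZipInfo(name)
            info.external_attr = mode << 16
            zf.writestr(info, payload)
    return buf.getvalue()


REG = stat.S_IFREG | 0o644
# Constructed samples, not taken from any real document or from the PoC.
BENIGN = build_sample([("[Content_Types].xml", REG, "<Types/>"),
                       ("word/document.xml", REG, "<w:document/>")])
SUSPECT = build_sample([("word/document.xml", REG, "<w:document/>"),
                        ("docProps/link", stat.S_IFLNK | 0o777, "placeholder"),
                        ("../outside.txt", REG, "x"),
                        ("word/temp.html", REG, "<html/>")])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_docx(blob) or "no findings")
```

Archives written by non-Unix tools record no mode bits, so the file-type check is a filter rather than a guarantee. Writing the converter output to a freshly created path outside the extracted tree removes the dependency on archive contents altogether.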

