Vulnerability — CVE-2023-50254

CVE-2023-50254

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-50254
Description:: Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
Last updated date:: 01/03/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/22/2023
Reference url to background: https://github.com/febinrev/deepin-linux_reader_RCE-exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/03/2024
Reference url to background: https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495