Attacker Value
Low
CVE-2017-1000083
CVE-2017-1000083
(Last updated October 05, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Metasploit Module
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a “—” command-line option substring, as demonstrated by a —checkpoint-action=exec=bash at the beginning of the filename.
Add Assessment
3
Technical Analysis
Does rely on a user to download and open an injected .cbt file with a vulnerable version of Evince (though the preview functionality of file manager software might trigger the injection without requiring the user to expressly open the file).
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- debian,
- gnome,
- redhat
Products
- debian linux 8.0,
- debian linux 9.0,
- enterprise linux desktop 7.0,
- enterprise linux server 7.0,
- enterprise linux server 7.4,
- enterprise linux server 7.5,
- enterprise linux server 7.6,
- enterprise linux server aus 7.4,
- enterprise linux server aus 7.6,
- enterprise linux server eus 7.4,
- enterprise linux server eus 7.5,
- enterprise linux server eus 7.6,
- enterprise linux server tus 7.4,
- enterprise linux server tus 7.6,
- enterprise linux workstation 7.0,
- evince
Metasploit Modules
References
