Attacker Value
Unknown
CVE-2017-8291
CVE-2017-8291
(Last updated July 03, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Metasploit Module
Description
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a “/OutputFile (%pipe%” substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Add Assessment
1
Technical Analysis
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- artifex,
- debian,
- redhat
Products
- debian linux 8.0,
- enterprise linux desktop 6.0,
- enterprise linux desktop 7.0,
- enterprise linux eus 7.3,
- enterprise linux eus 7.4,
- enterprise linux eus 7.5,
- enterprise linux eus 7.6,
- enterprise linux eus 7.7,
- enterprise linux server 6.0,
- enterprise linux server 7.0,
- enterprise linux server aus 7.3,
- enterprise linux server aus 7.4,
- enterprise linux server aus 7.6,
- enterprise linux server aus 7.7,
- enterprise linux server tus 7.3,
- enterprise linux server tus 7.6,
- enterprise linux server tus 7.7,
- enterprise linux workstation 6.0,
- enterprise linux workstation 7.0,
- ghostscript
Metasploit Modules
Exploited in the Wild
References
Advisory
