ID:5543 - Exploit for OS command injection in Ghostscript - CVE-2018-16509

 
Published: June 9, 2021


Vulnerability identifier: #VU14690
Vulnerability risk: High
CVE-ID: CVE-2018-16509
CWE-ID: CWE-78
Exploitation vector: Remote access
Vulnerable software:
Ghostscript


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists because /invalidaccess checks can be bypassed after a restore failure. A remote unauthenticated attacker can trick the victim into opening a specially crafted PostScript file that submits malicious input and execute arbitrary shell commands.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: the original fix for this vulnerability in version 9.24 was incomplete. The vendor has issued another patch.


Remediation

Update to version 9.25.