#VU85779 OS Command Injection in atril - CVE-2023-51698
Published: January 24, 2024 / Updated: January 26, 2024
Vulnerability identifier: #VU85779
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2023-51698
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
atril
atril
Software vendor:
MATE Desktop
MATE Desktop
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling CBT documents. A remote attacker can trick the victim to open a specially crafted document and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.