CVE-2023-47251

Name of the Vulnerable Software and Affected Versions mprivacy-tools versions prior to 2.0.406g

Description A Directory Traversal issue in the print function of the VNC service allows authenticated attackers with access to a VNC session to transfer malicious PDF documents. This is done by moving the documents into the .spool directory and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.

Recommendations For versions prior to 2.0.406g, update to version 2.0.406g or later to resolve the issue. As a temporary workaround, consider restricting access to the VNC service or disabling the print function to minimize the risk of exploitation.