CVE-2017-8291

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions through 2017-04-26

Description The issue is related to a type confusion vulnerability in the .rsdparams operator, allowing remote command execution and bypass of the -dSAFER protection mechanism. This can be achieved by using a crafted .eps document with a "/OutputFile (%pipe%" substring as input to the gs program. The vulnerability was exploited in the wild in April 2017. It is also used by the APT37 group to target individuals for intelligence gathering, often through phishing emails containing malicious attachments that exploit an old EPS vulnerability in the Hangul text processor.

Recommendations For Artifex Ghostscript versions through 2017-04-26, update to a version released after 2017-04-26 to fix the vulnerability. As a temporary workaround, consider disabling the use of .rsdparams operator in crafted .eps documents until a patch is available. Restrict access to the gs program to minimize the risk of exploitation. Avoid using the "/OutputFile (%pipe%" substring in .eps documents until the issue is resolved.