PT-2023-9081 · Deepin · Deepin-Reader

Febinrev · Published 2023-12-22 · Updated 2024-06-15 · CVE-2023-50254

CVSS v2.0: 9.4 (Critical) · Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Deepin Linux's default document reader, deepin-reader, versions prior to 6.0.7
Description: The issue is a design flaw in how deepin-reader handles docx documents. A docx file is a ZIP container, and a crafted document causes the reader to write files outside the location it intends to use (a path traversal leading to arbitrary file overwrite). Because the attacker controls both the path and the contents, shell startup files in the victim's home directory such as .bashrc or .bash_login can be overwritten; the commands planted there run the next time the user opens a terminal, which is when code execution actually occurs. The attacker needs no access to the machine beyond getting the user to open the document, which is why the issue is rated as remote command execution even though it requires two user actions (opening the file, then starting a shell).
Recommendations: For versions prior to 6.0.7, update to version 6.0.7, which contains the fix. Until the update is applied, avoid opening docx documents from untrusted sources with deepin-reader. Restricting access to sensitive files and directories limits what an overwrite can reach, but it does not remove the flaw; the update is the fix.
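The weakness class described above (an archive member whose stored name escapes the extraction directory, often called zip slip) is easy to check for before any file is written. The following is an added example, not deepin-reader's code; the page does not say how deepin-reader unpacks docx files, so the extraction logic, the destination path /tmp/reader-work and the two in-memory sample containers are constructed for illustration. It shows the check a native unpacker must make, and refuses the whole archive if any member resolves outside the root.

```python
"""Zip-slip check for docx-style containers (added example, not deepin-reader code).

A .docx file is a ZIP archive. A viewer that unpacks its members into a
working directory and trusts each member's stored name will write an entry
named "../../.bashrc" outside that directory. unsafe_entries() finds such
names; safe_extract() refuses the whole archive if any are present.
Requires Python 3.9+ (Path.is_relative_to).
"""
import io
import tempfile
import zipfile
from pathlib import Path


def unsafe_entries(zf: zipfile.ZipFile, dest: str) -> list[str]:
    """Return the member names that would resolve outside ``dest``."""
    root = Path(dest).resolve()
    bad = []
    for name in zf.namelist():
        # OPC part names are relative, forward-slash separated and never
        # contain NUL; reject anything else before touching the filesystem.
        if name.startswith(("/", "\\")) or "\\" in name or "\0" in name:
            bad.append(name)
            continue
        # resolve() collapses ".." lexically and follows symlinks that already
        # exist under dest, so a pre-planted symlink cannot redirect the write.
        target = (root / name).resolve()
        if target == root or not target.is_relative_to(root):
            bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract ``zip_bytes`` under ``dest`` or raise ValueError if any member escapes."""
    root = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = unsafe_entries(zf, dest)
        if bad:
            raise ValueError(f"refusing to extract; traversal entries: {bad}")
        # Python's ZipFile.extractall already strips ".." components; the
        # explicit loop makes visible what a native unpacker has to do itself.
        written = []
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(root).as_posix())
    return written


def build_container(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a minimal well-formed container, and the same container
# with one extra member whose name climbs out to a shell startup file.
BENIGN_DOCX = build_container({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
TRAVERSAL_DOCX = build_container({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "../../.bashrc": b"echo 'would run on next shell start'\n",
})


def check(zip_bytes: bytes, dest: str = "/tmp/reader-work") -> list[str]:
    """List traversal members of an in-memory container without extracting."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return unsafe_entries(zf, dest)


def extract_to_tempdir(zip_bytes: bytes) -> list[str]:
    """Extract into a fresh temp dir; returns written names, raises on traversal."""
    return safe_extract(zip_bytes, tempfile.mkdtemp(prefix="docx-"))


def is_rejected(zip_bytes: bytes) -> bool:
    """True when safe_extract refuses the container."""
    try:
        extract_to_tempdir(zip_bytes)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("benign:", check(BENIGN_DOCX))
    print("traversal:", check(TRAVERSAL_DOCX))
    print("extracted:", extract_to_tempdir(BENIGN_DOCX))
    print("rejected:", is_rejected(TRAVERSAL_DOCX))
```

The check is done on resolved absolute paths rather than by searching member names for "..", because "word/../../x" and names that pass through a symlink already present under the root both escape without a leading "../". Rejecting the whole archive, rather than skipping the bad member, is deliberate: a document that carries such a member is hostile, and rendering the rest of it is not worth the risk.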

Exploit

Fix

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2024-03480
CVE-2023-50254
GHSA-Q9JR-726G-9495
OPENSUSE-SU-2024:13536-1

Affected Products

Deepin-Reader