|
96767 | 96767 | "session_types": false,
|
96768 | 96768 | "needs_cleanup": null
|
96769 | 96769 | },
|
| 96770 | + "exploit_multi/fileformat/ghostscript_format_string_cve_2024_29510": { |
| 96771 | + "name": "Ghostscript Command Execution via Format String", |
| 96772 | + "fullname": "exploit/multi/fileformat/ghostscript_format_string_cve_2024_29510", |
| 96773 | + "aliases": [ |
| 96774 | + |
| 96775 | + ], |
| 96776 | + "rank": 600, |
| 96777 | + "disclosure_date": "2024-03-14", |
| 96778 | + "type": "exploit", |
| 96779 | + "author": [ |
| 96780 | + "Thomas Rinsma", |
| 96781 | + "Christophe De La fuente" |
| 96782 | + ], |
| 96783 | + "description": "This module exploits a format string vulnerability in Ghostscript\n versions before 10.03.1 to achieve a SAFER sandbox bypass and execute\n arbitrary commands. This vulnerability is reachable via libraries such as\n ImageMagick.\n\n This exploit only works against Ghostscript versions 10.03.0 and\n 10.01.2. Some offsets adjustement will probably be needed to make it\n work with other versions.", |
| 96784 | + "references": [ |
| 96785 | + "CVE-2024-29510", |
| 96786 | + "URL-https://bugs.ghostscript.com/show_bug.cgi?id=707662", |
| 96787 | + "URL-https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/" |
| 96788 | + ], |
| 96789 | + "platform": "Linux,Unix,Windows", |
| 96790 | + "arch": "cmd, x86, x64", |
| 96791 | + "rport": null, |
| 96792 | + "autofilter_ports": [ |
| 96793 | + |
| 96794 | + ], |
| 96795 | + "autofilter_services": [ |
| 96796 | + |
| 96797 | + ], |
| 96798 | + "targets": [ |
| 96799 | + "Linux Command" |
| 96800 | + ], |
| 96801 | + "mod_time": "2024-07-19 16:19:56 +0000", |
| 96802 | + "path": "/modules/exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.rb", |
| 96803 | + "is_install_path": true, |
| 96804 | + "ref_name": "multi/fileformat/ghostscript_format_string_cve_2024_29510", |
| 96805 | + "check": false, |
| 96806 | + "post_auth": false, |
| 96807 | + "default_credential": false, |
| 96808 | + "notes": { |
| 96809 | + "Stability": [ |
| 96810 | + "crash-safe" |
| 96811 | + ], |
| 96812 | + "SideEffects": [ |
| 96813 | + "artifacts-on-disk" |
| 96814 | + ], |
| 96815 | + "Reliability": [ |
| 96816 | + "repeatable-session" |
| 96817 | + ] |
| 96818 | + }, |
| 96819 | + "session_types": false, |
| 96820 | + "needs_cleanup": null |
| 96821 | + }, |
96770 | 96822 | "exploit_multi/fileformat/gitlens_local_config_exec": {
|
96771 | 96823 | "name": "GitLens Git Local Configuration Exec",
|
96772 | 96824 | "fullname": "exploit/multi/fileformat/gitlens_local_config_exec",
|
|