Arbitrary command execution vulnerability in Artifex Ghostscript - CVE-2023-36664ID: oval:org.secpod.oval:def:90584 | Date: (C)2023-07-05 (M)2023-12-26 |
Class: VULNERABILITY | Family: windows |
The host is installed with Artifex Ghostscript prior to 10.01.2 and is prone to an arbitrary command execution vulnerability. A flaw is present in the application, which fails to properly validate permission for pipe devices (with the %pipe% prefix or the | pipe character prefix). Successful exploitation allows attackers to make the rogue documents not only to create pages of text and graphics, but also to send system commands into the Ghostscript rendering engine and trick the software into running them.
Platform: |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |