POC details: c149453653704587f308b6eaaaafe5cfb7262af6

Source
Related vulnerability
Title: InVesalius security vulnerability (CVE-2024-42845)
Description: InVesalius is an open-source 3D medical image reconstruction application. InVesalius versions 3.1.99991 through 3.1.99998 contain a vulnerability caused by an eval injection in one of its components, which allows an attacker to execute arbitrary code by having the application load a crafted DICOM file.
Description
Exploit For: CVE-2024-42845: Remote Code Execution (RCE) in Invesalius 3.1
Introduction
# CVE-2024-42845: Remote Code Execution (RCE) in Invesalius 3.1

## Exploit Details

- **Exploit Title**: Invesalius 3.1 - Remote Code Execution (RCE)
- **Discovered By**: Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
- **Exploit Author**: Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
- **Date**: 2024-08-23
- **Vendor Homepage**: [Invesalius](https://invesalius.github.io/)
- **Software Link**: [Invesalius GitHub Repository](https://github.com/invesalius/invesalius3/tree/master/invesalius)
- **Version**: 3.1.99991 to 3.1.99998
- **Tested on**: Windows
- **CVE**: CVE-2024-42845

## External References

- [Sfoffo Notes](https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-42845)
- [GitHub - partywavesec](https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845)
- [Partywave Research](https://www.partywave.site/show/research/Tic%20TAC%20-%20Beware%20of%20your%20scan)

## Description

A Remote Code Execution (RCE) vulnerability has been identified in the DICOM file import procedure of Invesalius3. Affected versions range from 3.1.99991 to 3.1.99998. The underlying flaw is an eval injection: data taken from the imported file reaches a Python eval() call, so an attacker who tricks the victim into importing a crafted DICOM file gets arbitrary code executed with the privileges of the Invesalius3 process. Note that the attack requires user interaction (the victim must open the file); there is no network-facing entry point.

## Vulnerability Details

### Vulnerability

The vulnerability is triggered by importing a maliciously crafted DICOM file. The attacker-controlled content is evaluated as Python during import, which allows arbitrary code execution on the victim's machine.

### Impact

- **Remote Code Execution**: The crafted DICOM file can execute arbitrary code on the victim's machine upon import.
- **System Compromise**: An attacker can gain control over the victim's machine, potentially leading to data theft or further exploitation.

## Usage

1. **Prepare a DICOM File**: Obtain a valid DICOM file for modification.
2. **Craft Payload**: Use the included `CVE-2024-42845.py` script to inject the payload into the DICOM file.
3. **Import into Invesalius3**: The victim imports the crafted file, triggering the RCE.

## Mitigation

Users are advised to update to a version of Invesalius3 that is not affected by this vulnerability and to be cautious when importing DICOM files from untrusted sources.
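The page names the root cause (an eval injection during DICOM import) but does not show the vulnerable function, so the following is an added illustration, not InVesalius code and not the authors' exploit script. It models the pattern the description implies: a tag value read from the file (assumed here to be a multi-valued Decimal String such as an orientation vector) is handed to `eval()` to turn it into a list of floats, so any expression stored in the tag runs on import. The tag values, the function names `vulnerable_parse_tag` and `hardened_parse_tag`, and the payload are all constructed for the example; `os.name` stands in for whatever an attacker would really call. The hardened parser accepts both the standard backslash-separated DICOM form and a plain numeric list literal, and rejects everything else without evaluating it.

```python
"""Eval-based DICOM tag parsing (modelled) next to a hardened replacement.

Illustrative example; not InVesalius code. Assumes the vulnerable pattern
is eval() applied to the text of a Decimal String (DS) tag.
"""
from __future__ import annotations

import ast
import re

# Constructed sample tag values (not copied from a real scan).
BENIGN_LIST_LITERAL = "[1.0, 0.0, 0.0, 0.0, 1.0, 0.0]"  # list-literal form some writers emit
BENIGN_DS_MULTIVALUE = r"1\0\0\0\1\0"  # standard DICOM DS with VM=6: backslash-separated
# Attacker-controlled tag text: eval() runs it as Python. os.name is a
# harmless stand-in for os.system(...) or any other call.
MALICIOUS_VALUE = "__import__('os').name"

# One DS component: optional sign, digits with optional point, optional exponent.
_DS_COMPONENT = re.compile(r"^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")


def vulnerable_parse_tag(value: str):
    """The unsafe pattern (hypothetical): eval() on text read from the file.

    Any Python expression stored in the tag executes with the application's
    privileges the moment the file is imported.
    """
    return eval(value)


def hardened_parse_tag(value: str) -> list[float]:
    """Turn a DS-style tag value into floats without evaluating code.

    Accepts the backslash-separated DICOM form and, for files that stored a
    Python list literal, a list of plain numeric literals. Anything else,
    including any expression or call, raises ValueError.
    """
    text = value.strip()
    if text.startswith("["):
        try:
            parsed = ast.literal_eval(text)  # literals only: no names, no calls
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"not a numeric list: {value!r}") from exc
        # type() rather than isinstance() so bool is not silently accepted as int.
        if not isinstance(parsed, list) or not all(type(x) in (int, float) for x in parsed):
            raise ValueError(f"not a numeric list: {value!r}")
        return [float(x) for x in parsed]
    parts = [p.strip() for p in text.split("\\")]
    if not all(_DS_COMPONENT.match(p) for p in parts):
        raise ValueError(f"not a DICOM decimal string: {value!r}")
    return [float(p) for p in parts]


def demo() -> dict:
    """Run both parsers over the constructed values and report what each did."""
    results = {
        "vulnerable_benign": vulnerable_parse_tag(BENIGN_LIST_LITERAL),
        "vulnerable_malicious": vulnerable_parse_tag(MALICIOUS_VALUE),  # code ran
        "hardened_list": hardened_parse_tag(BENIGN_LIST_LITERAL),
        "hardened_ds": hardened_parse_tag(BENIGN_DS_MULTIVALUE),
    }
    try:
        hardened_parse_tag(MALICIOUS_VALUE)
        results["hardened_malicious"] = "accepted"
    except ValueError:
        results["hardened_malicious"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the block shows the benign value parsing identically under both functions, the crafted value returning the result of an imported module's attribute under `eval()`, and the same crafted value being rejected by the hardened parser. The general lesson applies to any parser of file-borne text: `ast.literal_eval` plus an explicit type check, or a format-specific regex, is the replacement for `eval()`, and the fix belongs in the parser rather than in filtering of file names or sources.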

## Credits

- **Alessio Romano (sfoffo)**
- **Riccardo Degli Esposti (partywave)**

--- 

**Disclaimer**: This document is for educational purposes only. Unauthorized exploitation of vulnerabilities is illegal and unethical.

File snapshot

```
[4.0K] /data/pocs/c149453653704587f308b6eaaaafe5cfb7262af6
├── [2.1K] CVE-2024-42845.py
└── [2.4K] README.md

0 directories, 2 files
```