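Related vulnerability
Title:
InVesalius security vulnerability
(CVE-2024-42845)
Description: InVesalius is an open-source 3D medical image reconstruction program from the InVesalius project. InVesalius versions 3.1.99991 through 3.1.99998 contain a security vulnerability caused by an eval injection issue in a component, which allows an attacker to execute arbitrary code by loading a crafted DICOM file.
Description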
Exploit For: CVE-2024-42845: Remote Code Execution (RCE) in Invesalius 3.1
Introduction
# CVE-2024-42845: Remote Code Execution (RCE) in Invesalius 3.1
## Exploit Details
- **Exploit Title**: Invesalius 3.1 - Remote Code Execution (RCE)
- **Discovered By**: Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
- **Exploit Author**: Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
- **Date**: 2024-08-23
- **Vendor Homepage**: [Invesalius](https://invesalius.github.io/)
- **Software Link**: [Invesalius GitHub Repository](https://github.com/invesalius/invesalius3/tree/master/invesalius)
- **Version**: 3.1.99991 to 3.1.99998
- **Tested on**: Windows
- **CVE**: CVE-2024-42845
## External References
- [Sfoffo Notes](https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-42845)
- [GitHub - partywavesec](https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845)
- [Partywave Research](https://www.partywave.site/show/research/Tic%20TAC%20-%20Beware%20of%20your%20scan)
## Description
A Remote Code Execution (RCE) vulnerability has been identified in the DICOM file import procedure of Invesalius3. Versions affected range from 3.1.99991 to 3.1.99998. The vulnerability allows attackers to execute arbitrary code by tricking the victim into importing a crafted DICOM file into the application.
## Exploit Details
### Vulnerability
The vulnerability is triggered by importing a maliciously crafted DICOM file, allowing the attacker to execute arbitrary code on the victim's machine.
### Impact
- **Remote Code Execution**: The crafted DICOM file can execute arbitrary code on the victim's machine upon import.
- **System Compromise**: An attacker can gain control over the victim's machine, potentially leading to data theft or further exploitation.
## Usage
1. **Prepare a DICOM File**: Obtain a valid DICOM file for modification.
2. **Craft Payload**: Use the script to inject the payload into the DICOM file.
3. **Import into Invesalius3**: The victim imports the crafted file, triggering the RCE.
## Mitigation
Users are advised to update to a version of Invesalius3 that is not affected by this vulnerability and to be cautious when importing DICOM files from untrusted sources.
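The eval injection behind this CVE comes down to text taken from an imported file being evaluated as Python. The sketch below is an added example, not InVesalius code and not the authors' PoC: it contrasts that pattern with a strict parser for a backslash-separated DICOM decimal-string field. The page does not name the affected field or function, so the field format and the names `parse_unsafe`, `parse_ds_vector` and `triage` are assumptions.

```python
import math
import re

# DICOM Decimal String (DS) token: sign, digits, optional fraction/exponent, at most 16 characters.
_DS = re.compile(r"[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?")

# Constructed sample field values (not taken from any real file).
SAMPLES = ["-120.5\\33.0\\ 1e2", "1\\2\\len('ab')", "1\\2", "1\\2\\1e999"]


def parse_unsafe(raw):
    """Hypothetical unsafe pattern: text from the file is evaluated as Python."""
    return eval("(" + raw.replace("\\", ",") + ",)")


def parse_ds_vector(raw, expected_len=3):
    """Parse a backslash-separated DS value strictly; raise ValueError otherwise."""
    if not isinstance(raw, str):
        raise ValueError("field missing or not text")
    parts = raw.split("\\")
    if len(parts) != expected_len:
        raise ValueError("expected %d components, got %d" % (expected_len, len(parts)))
    values = []
    for part in parts:
        token = part.strip(" ")  # DS values may be space padded
        if len(token) > 16 or not _DS.fullmatch(token):
            raise ValueError("not a decimal string: %r" % part)
        value = float(token)
        if not math.isfinite(value):  # e.g. "1e999" overflows to inf
            raise ValueError("non-finite value: %r" % part)
        values.append(value)
    return tuple(values)


def triage(samples):
    """Map each raw field value to its parsed tuple or a rejection reason."""
    report = {}
    for raw in samples:
        try:
            report[raw] = parse_ds_vector(raw)
        except ValueError as exc:
            report[raw] = "rejected: %s" % exc
    return report


if __name__ == "__main__":
    for raw, outcome in triage(SAMPLES).items():
        print(repr(raw), "->", outcome)
```

`parse_unsafe` evaluates the `len('ab')` component as a function call, while `parse_ds_vector` rejects anything that is not a plain number before it reaches the rest of the import pipeline.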
## Credits
- **Alessio Romano (sfoffo)**
- **Riccardo Degli Esposti (partywave)**
---
**Disclaimer**: This document is for educational purposes only. Unauthorized exploitation of vulnerabilities is illegal and unethical.

File snapshot
[4.0K] /data/pocs/c149453653704587f308b6eaaaafe5cfb7262af6
├── [2.1K] CVE-2024-42845.py
└── [2.4K] README.md
0 directories, 2 files