Deepin Linux's default document reader deepin-reader software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bashrc, .bashlogin, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
{
"cwe_ids": [
"CWE-22",
"CWE-27"
]
}