Vulnerability & Exploit Database

Ghostscript Failed Restore Command Execution

This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript. For previous Ghostscript vectors, please see the following modules:

  • exploit/unix/fileformat/ghostscript_type_confusion
  • exploit/unix/fileformat/imagemagick_delegate

Module Name

exploit/multi/fileformat/ghostscript_failed_restore

Authors

  • Tavis Ormandy
  • wvu <wvu [at] metasploit.com>

References

Targets

  • Unix (In-Memory)
  • PowerShell (In-Memory)
  • Linux (Dropper)

Platforms

  • unix
  • linux
  • windows

Architectures

  • cmd
  • x86
  • x64
  • cmd
  • x86, x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/multi/fileformat/ghostscript_failed_restore
    msf exploit(ghostscript_failed_restore) > show targets
        ...targets...
    msf exploit(ghostscript_failed_restore) > set TARGET <target-id>
    msf exploit(ghostscript_failed_restore) > show options
        ...show and set options...
    msf exploit(ghostscript_failed_restore) > exploit

Related Vulnerabilities