From ca17b283ad1d72b1ffbad0651fa928d7e4458397 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Wed, 6 Feb 2019 16:11:00 -0800
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 49 +++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index a3c40c9d67..af7a252ea0 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -59658,6 +59658,55 @@
     "notes": {
     }
   },
+  "exploit_multi/fileformat/evince_cbt_cmd_injection": {
+    "name": "Evince CBT File Command Injection",
+    "full_name": "exploit/multi/fileformat/evince_cbt_cmd_injection",
+    "rank": 600,
+    "disclosure_date": "2017-07-13",
+    "type": "exploit",
+    "author": [
+      "Felix Wilhelm",
+      "Sebastian Krahmer",
+      "Matlink",
+      "bcoles <bcoles@gmail.com>"
+    ],
+    "description": "This module exploits a command injection vulnerability in Evince\n        before version 3.24.1 when opening comic book `.cbt` files.\n\n        Some file manager software, such as Nautilus and Atril, may allow\n        automatic exploitation without user interaction due to thumbnailer\n        preview functionality.\n\n        Note that limited space is available for the payload (<256 bytes).\n        Reverse Bash and Reverse Netcat payloads should be sufficiently small.\n\n        This module has been tested successfully on evince versions:\n\n        3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6;\n        3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04.",
+    "references": [
+      "BID-99597",
+      "CVE-2017-1000083",
+      "EDB-45824",
+      "URL-https://seclists.org/oss-sec/2017/q3/128",
+      "URL-https://bugzilla.gnome.org/show_bug.cgi?id=784630",
+      "URL-https://bugzilla.suse.com/show_bug.cgi?id=1046856",
+      "URL-https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1735418",
+      "URL-https://bugs.launchpad.net/ubuntu/+source/atril/+bug/1800662",
+      "URL-https://access.redhat.com/security/cve/cve-2017-1000083",
+      "URL-https://security-tracker.debian.org/tracker/CVE-2017-1000083"
+    ],
+    "is_server": true,
+    "is_client": false,
+    "platform": "Unix",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Automatic"
+    ],
+    "mod_time": "2019-02-03 06:18:31 +0000",
+    "path": "/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "multi/fileformat/evince_cbt_cmd_injection",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
   "exploit_multi/fileformat/ghostscript_failed_restore": {
     "name": "Ghostscript Failed Restore Command Execution",
     "full_name": "exploit/multi/fileformat/ghostscript_failed_restore",