Description

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.

INFO

Published Date :

2024-11-11T00:00:00.000Z

Last Modified :

2024-11-19T19:07:43.887Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50636 vulnerability.

Vendors Products
Schrodinger
  • Pymol
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50636.

URL Resource
https://github.com/schrodinger/pymol-open-source/issues/405 cve-icon cve-icon
https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md cve-icon cve-icon
https://youtu.be/SWnN_a1tUNc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact