Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.
Support the originator by clicking the read the rest link below.