The computer is capable of being hacked with just 1 click if these popular applications are installed
Security experts Fabian Braunlein and Lukas Euler of Positive Security discovered these problems on apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin / Dogecoin Wallets, Wireshark and Mumble.
'Desktop applications that pass a user-supplied URL to open by the operating system are more likely to present a code execution vulnerability under user interaction. Code execution is achievable when a URL pointing to a malicious executable (.desktop, .jar, .exe .) hosted on an internet accessible file (nfs, webdav, smb .) is opened or an additional vulnerability in the open application's URI handler is exploited '- experts information.
That is, the vulnerabilities stem from input URL validation. When they are opened by the operating system without proper authorization, malicious files are accidentally executed.
Positive Security analysis shows that many applications are unable to validate the URL, so the hacker has a chance to create a specially designed link pointing to an attack code, leading to remote code execution. .
Once detected, most apps have already rolled out a patched update:
- Nextcloud - Fixed in version 3.1.3 for Desktop Client, released February 24 (CVE-2021-22879)
- Telegram - Issue reported Jan. 11 and then fixed on the server side by February 10.
- VLC Player - Issue reported on January 18, bug fix version 3.0.13 released a week later.
- OpenOffice - To be fixed in the next patch (CVE-2021-30245)
- LibreOffice - Fixed in Windows, but the vulnerability still exists in Xubuntu (CVE-2021-25631)
- Mumble - Fixed in version 1.3.4 released February 10 (CVE-2021-27229)
- Dogecoin - Fixed in version 1.14.3 released February 28
- Bitcoin ABC - Fixed in version 0.22.15 released March 9
- Bitcoin Cash - Fixed in version 23.0.0 (preparing to release)
- Wireshark - Fixed in version 3.4.4 released March 10 (CVE-2021-22191)
- WinSCP - Fixed in version 5.17.10 released February 26 (CVE-2021-3331)
This issue spans multiple layers of the application stack on the targeted system, so any layer's maintenance tool can easily push the real burden, the researchers said. show mitigation measures towards the remaining layers ".
As such, it is important that all stakeholders assume some responsibility and put in place risk mitigation measures, such as URL validation and automatic remote mount remote sharing.
You should read it
- Compare LibreOffice and OpenOffice
- How to Back Up and Transfer Your OpenOffice or LibreOffice Settings
- 3 ways to customize menus and toolbars in LibreOffice
- What's new in LibreOffice version 4.4?
- How to install and set up Mumble server
- LibreOffice 7.2.2/7.1.6 , download LibreOffice 7.2.2/7.1.6 here
- 7 best safety wallets for Bitcoin and other electronic currencies
- How to install Nextcloud server on Windows 10
- How to Install Wireshark on Debian 11
- How to install Nextcloud with OnlyOffice in Ubuntu
- Bitcoin wallet: Things that the 'newcomers' need to know
- When will the Dogecoin fever cool down?
Maybe you are interested
Speaker icon on computer is crossed out Win 11 [Fixed]
[99% Fixed] Clock Watchdog Timeout Blue Screen Error
Finding the cause of the Fn key being reversed (Fixed)
What does it mean when the computer shows Windows is loading files? Can it be fixed?
Fixed an issue where there was no video signal when the TV was connected via HDMI
Fixed an error when opening DWG files in CorelDRAW