A computer can be hacked with just one click if these popular applications are installed
Security experts Fabian Braunlein and Lukas Euler of Positive Security discovered these problems in apps such as Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin wallets, Wireshark and Mumble.
"Desktop applications that pass a user-supplied URL to be opened by the operating system are more likely to present a code execution vulnerability under user interaction. Code execution is achievable when a URL pointing to a malicious executable (.desktop, .jar, .exe, ...) hosted on an internet-accessible file (nfs, webdav, smb, ...) is opened or an additional vulnerability in the opened application's URI handler is exploited," the experts said.
That is, the vulnerabilities stem from insufficient validation of input URLs. When such URLs are opened by the operating system without proper checks, malicious files can be executed unintentionally.
Positive Security's analysis shows that many applications fail to validate the URL, so an attacker can create a specially crafted link pointing to attack code, leading to remote code execution.

After the issues were reported, most of the apps rolled out patched updates:
- Nextcloud - Fixed in version 3.1.3 for Desktop Client, released February 24 (CVE-2021-22879)
- Telegram - Issue reported Jan. 11 and then fixed on the server side by February 10.
- VLC Player - Issue reported on January 18, bug fix version 3.0.13 released a week later.
- OpenOffice - To be fixed in the next patch (CVE-2021-30245)
- LibreOffice - Fixed in Windows, but the vulnerability still exists in Xubuntu (CVE-2021-25631)
- Mumble - Fixed in version 1.3.4 released February 10 (CVE-2021-27229)
- Dogecoin - Fixed in version 1.14.3 released February 28
- Bitcoin ABC - Fixed in version 0.22.15 released March 9
- Bitcoin Cash - Fixed in version 23.0.0 (preparing to release)
- Wireshark - Fixed in version 3.4.4 released March 10 (CVE-2021-22191)
- WinSCP - Fixed in version 5.17.10 released February 26 (CVE-2021-3331)
This issue spans multiple layers of the application stack on the targeted system, so those maintaining any one layer can easily push the real burden of mitigation measures onto the remaining layers, the researchers said.
As such, it is important that all stakeholders assume some responsibility and put in place risk mitigation measures, such as URL validation and restricting the automatic mounting of remote shares.
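One way an application can apply the URL validation mentioned above before handing a link to the operating system, shown as an added example that is not code from Positive Security or any of the listed projects. It assumes the application only needs to open web links; `check_url`, `open_link` and the sample URLs are hypothetical names and constructed values.

```python
import webbrowser
from typing import Callable, Tuple
from urllib.parse import urlsplit

# Assumption: only web links are legitimate for this application.
# Everything else (file, smb, nfs, dav, custom handlers) is refused.
ALLOWED_SCHEMES = {"http", "https"}

def check_url(url: str) -> Tuple[bool, str]:
    """Decide whether a user-supplied URL may be passed to the OS opener."""
    if not isinstance(url, str) or not url:
        return False, "empty"
    # Whitespace and control characters are handled differently by parsers
    # and OS openers, so reject them instead of trying to normalise.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False, "whitespace or control character"
    # \\host\share paths resolve to remote shares on Windows.
    if "\\" in url:
        return False, "backslash or UNC path"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: " + (scheme or "(none)")
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"

def open_link(url: str, opener: Callable[[str], object] = webbrowser.open) -> Tuple[bool, str]:
    """Call the opener only for URLs that pass check_url()."""
    ok, reason = check_url(url)
    if ok:
        opener(url)
    return ok, reason

if __name__ == "__main__":
    # Constructed sample inputs; nothing is opened here, only checked.
    samples = [
        "https://example.com/docs",
        "smb://files.example/share/tool.desktop",
        "file:///tmp/a.jar",
        "\\\\files.example\\share\\a.exe",
        "example.com/page",
    ]
    for s in samples:
        print(check_url(s), s)
```
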