- Facebook Messenger Desktop Application version 460.16
This vulnerability allows an attacker to execute malicious files already present on a compromised system.
According to the researchers, this vulnerability application triggers a call to load Windows Powershell from the location of “C:\python27”. This path automatically creates when installing python version 2.7 which does not commonly exist in most windows installations.
An attacker could hijack such calls to load potentially non-existence resources to covertly execute malware to gain persistence and extended access to the system.
- Possibility of exposing confidential information to unauthorized parties
- The system could be infected with malware
- Upgrade to the latest Facebook Messenger Desktop version 480.5
The information provided herein is on "as is" basis, without warranty of any kind.
Source: Sri Lanka CERT|CC