>

ALERT-Sri Lanka CERT|CC - Vulnerability in Facebook Messenger for Windows

Vulnerability in Facebook Messenger for Windows

Threat Level

MEDIUM

Software Affected

  • Facebook Messenger Desktop Application version 460.16

Overview

This vulnerability allows an attacker to execute malicious files already present on a compromised system. 

Description

According to the researchers, this vulnerability application triggers a call to load Windows Powershell from the location of “C:\python27”. This path automatically creates when installing python version 2.7 which does not commonly exist in most windows installations. 

An attacker could hijack such calls to load potentially non-existence resources to covertly execute malware to gain persistence and extended access to the system. 

Impact

  • Possibility of exposing confidential information to unauthorized parties
  • The system could be infected with malware

 Solution/ Workarounds

  • Upgrade to the latest Facebook Messenger Desktop version 480.5

           https://www.microsoft.com/en-us/p/messenger/9wzdncrf0083?activetab=pivot:overviewtab

 Reference 

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Source: Sri Lanka CERT|CC

Rate this item
(0 votes)

Leave a comment

Please do not enter any marketing or illegal statements | කරුණාකර අලෙවිකරණ හෝ නීති විරෝධී ප්‍රකාශන ඇතුළත් නොකරන්න.

More in this category:

Subscribe to Weekly Email Newsletter




Joomla Extensions powered by Joobi

Articles Archive

Articles Calendar

« October 2020 »
Mon Tue Wed Thu Fri Sat Sun
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
006136797
Today
Yesterday
This Week
Last Week
This Month
Last Month
All days
4132
6593
48090
5538949
173287
249836
6136797
Your IP: 101.51.141.20
2020-10-24 20:38

Video Of The Day

Go to top