>

ALERT-Sri Lanka CERT|CC - Vulnerability in Facebook Messenger for Windows

Vulnerability in Facebook Messenger for Windows

Threat Level

MEDIUM

Software Affected

  • Facebook Messenger Desktop Application version 460.16

Overview

This vulnerability allows an attacker to execute malicious files already present on a compromised system. 

Description

According to the researchers, this vulnerability application triggers a call to load Windows Powershell from the location of “C:\python27”. This path automatically creates when installing python version 2.7 which does not commonly exist in most windows installations. 

An attacker could hijack such calls to load potentially non-existence resources to covertly execute malware to gain persistence and extended access to the system. 

Impact

  • Possibility of exposing confidential information to unauthorized parties
  • The system could be infected with malware

 Solution/ Workarounds

  • Upgrade to the latest Facebook Messenger Desktop version 480.5

           https://www.microsoft.com/en-us/p/messenger/9wzdncrf0083?activetab=pivot:overviewtab

 Reference 

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Source: Sri Lanka CERT|CC

Rate this item
(0 votes)

Leave a comment

Please do not enter any marketing or illegal statements | කරුණාකර අලෙවිකරණ හෝ නීති විරෝධී ප්‍රකාශන ඇතුළත් නොකරන්න.

More in this category:

Subscribe to Weekly Email Newsletter




Joomla Extensions powered by Joobi

Articles Archive

Articles Calendar

« July 2020 »
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
005359367
Today
Yesterday
This Week
Last Week
This Month
Last Month
All days
6853
7800
36262
4770570
14653
257087
5359367
Your IP: 3.235.22.104
2020-07-02 21:40

Video Of The Day

Go to top