viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
A single text is all it took to unleash code-execution worm in Cisco Jabber
Technology

A single text is all it took to unleash code-execution worm in Cisco Jabber

04/09/2020

Promotional screenshot of collaborative video conferencing app.

Until Wednesday, a single text message sent through Cisco’s Jabber collaboration application was all it took to touch off a self-replicating attack that would spread malware from one Windows user to another, researchers who developed the exploit said.

The wormable attack was the result of several flaws, which Cisco patched on Wednesday, in the Chromium Embedded Framework that forms the foundation of the Jabber client. A filter that’s designed to block potentially malicious content in incoming messages failed to scrutinize code that invoked a programming interface known as “onanimationstart.”

Jumping through hoops

But even then, the filter still blocked content that contained <style>, an HTML tag that had to be included in a malicious payload. To bypass that protection, the researchers used code that was tailored to a built-in animation component called spinner-grow. With that, the researchers were able to achieve a cross-site scripting exploit that injected a malicious payload directly into the internals of the browser built into Jabber.

A security sandbox built into the Chromium Embedded Framework, or CEF, would normally store the payload in a container that’s isolated from sensitive parts of the app. To work around this constraint, the researchers abused the window.CallCppFunction, which is designed to open files sent by other Cisco Jabber users. By manipulating a function parameter that accepts files, the researchers were able to break out of the sandbox.

“Since Cisco Jabber supports file transfers, an attacker can initiate a file transfer containing a malicious .exe file and force the victim to accept it using an XSS attack,” researchers from security firm Watchcom Security wrote in a post. “The attacker can then trigger a call to window.CallCppFunction, causing the malicious file to be executed on the victim’s machine.”

Computer worms are among the most potent types of malware attack because a single strike can touch off a chain of follow-on damage, in much the way toppling a domino causes thousands of dominos behind it to fall. When the wormable attack achieves remote code execution—as is the case here—worms are the most severe. Fixes from Cisco come as more businesses are relying on video conferencing to conduct everyday work.

Accordingly, CVE-2020-3495, the designation assigned to the Cisco Jabber vulnerability, has a severity rating of 9.9 out of a maximum 10 based on the Common Vulnerability Scoring System. Cisco’s advisory has more details here.

More code execution

The Watchcom researchers devised a separate code-execution attack that exploited a different vulnerability. That one worked by abusing Cisco Jabber protocol handlers, which help the operating system know what to do when a user clicks on a URL containing a Jabber-specific protocol.

The researchers explained:

These protocol handlers are vulnerable to command injection because they fail to consider URLs that contain spaces. By including a space in the URL, an attacker can inject arbitrary command line flags that will be passed to the application. Since the application uses CEF and accepts Chromium command line flags, several flags that can be used to execute arbitrary commands or load arbitrary DLLs exist. An example of such a flag is –GPU-launcher. This flag specifies a command that will be executed when CEFs GPU process is started.

This vulnerability can be combined with the XSS vulnerability to achieve code execution without transferring any files to the victim. This makes it possible to deliver malware without writing any files to disk, thus bypassing most antivirus software.

The video below demonstrates the proof-of-concept exploit they developed.

Cisco Jabber Exploit Demo—discovered by Watchcom Security Group

CVE-2020-3430 carries a severity score of 8.8.

Two other vulnerabilities—CVE-2020-3537 and CVE-2020-3498—have severity ratings of 5.7 and 6.5, respectively.

The vulnerabilities affect Cisco Jabber for Windows versions 12.1 through 12.9.1. People using vulnerable versions should update as soon as possible.

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

Uber creates AI to generate data for training other AI models
Generative adversarial networks (GANs) — two-part AI systems consisting of …

Uber creates AI to generate data for training other AI models

Fall Guys Season 2 gets new medieval games and cosmetics
Fall Guys is getting all-new content as part of its …

Fall Guys Season 2 gets new medieval games and cosmetics

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Frost Giant Studios raises $4.7 million for real-time strategy game revival
    Frost Giant Studios raises $4.7 million for …
    21/10/2020
  • Buffer overruns, license violations, and bad code: FreeBSD 13’s close call
    Buffer overruns, license violations, and bad code: …
    26/03/2021
  • The RetroBeat: The 10 best U.S. launch titles ever
    The RetroBeat: The 10 best U.S. launch …
    15/08/2020
  • Skillz launches mobile game tournaments to raise donations for American Red Cross
    Skillz launches mobile game tournaments to raise …
    28/03/2020
  • TechCrunch’s Favorite Things of 2019
    Dear Sophie: How do I get visas …
    17/03/2020

Popular Posts

  • 100 million more IoT devices are exposed—and they won’t be the last
    100 million more IoT devices are exposed—and …
    14/04/2021 0
  • Mimecast says SolarWinds hackers breached its network and spied on customers
    Mimecast says SolarWinds hackers breached its network …
    16/03/2021 0
  • Touch of gray: The Air Force can’t retire the Boeing 707
    Touch of gray: The Air Force can’t …
    17/03/2021 0
  • Top 10 Places Creepier Than Stephen King’s …
    17/03/2021 0
  • Top 10 Things You Should Know About …
    17/03/2021 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2021 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh