1-Click Flaws in Popular Desktop Apps Allowed Remote Code Execution

Today, Positive Security issued a report in which they describe multiple one-click vulnerabilities in a variety of popular software applications allowing an attacker to potentially execute arbitrary code.

The flaws were discovered by researchers Fabian Bräunlein and Lukas Euler of Positive Security. According to them, some of the affected apps are Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.

The vulnerabilities stem from improper validation of URL input. When a user opens such a malicious URL and the application hands it to the operating system, a malicious file hosted on attacker-controlled cloud storage can be executed.

“Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction,” the researchers said. “Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application’s URI handler is exploited.” 

Positive Security researchers found many apps that improperly validated URLs, which could allow an adversary to serve the victim a specially crafted link pointing to a piece of malicious code, resulting in remote code execution.
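One defensive pattern for the flaw class described above, shown as an added example (it is not code from the Positive Security report or from any of the affected projects): check a user-supplied URL against a scheme allow-list before it is handed to the OS opener. The function names, the sample URLs, and the choice to allow only `http` and `https` are assumptions.

```python
import webbrowser
from urllib.parse import urlsplit

# Assumption: this application only ever needs to open ordinary web links.
ALLOWED_SCHEMES = {"http", "https"}


def check_url(url: str):
    """Return (allowed, reason) for a URL that came from untrusted input."""
    if not url or url != url.strip():
        return False, "empty or padded input"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False, "control character in URL"
    if "\\" in url:
        # Covers Windows UNC paths such as \\host\share\file.exe
        return False, "backslash (possible UNC path)"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    # Allow-list, not deny-list: smb, nfs, dav, file and any custom
    # application URI handler are all refused by default.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


def open_link(url: str) -> bool:
    """Hand the URL to the OS/browser only if it passes validation."""
    ok, reason = check_url(url)
    if not ok:
        print(f"refused to open {url!r}: {reason}")
        return False
    return webbrowser.open(url)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the report.
    samples = [
        "https://example.com/docs",
        "smb://files.example/share/update.desktop",
        "file:///tmp/tool.jar",
        "\\\\files.example\\share\\setup.exe",
    ]
    for s in samples:
        print(s, "->", check_url(s))
```
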

Positive Security responsibly disclosed the flaws to the app owners and most have released patches to fix the flaws. Among those patched apps are Nextcloud (flaw fixed in version 3.1.3 of Desktop Client), Telegram (fixed on February 10), VLC Player (fixed in the upcoming 3.0.13), OpenOffice (fixed in the upcoming 4.1.10), LibreOffice (fixed in Windows), Mumble (fixed in version 1.3.4), Dogecoin (fixed in version 1.14.3), Bitcoin ABC (fixed in version 0.22.15), Bitcoin Cash (fixed in version 23.0.0), Wireshark (fixed in version 3.4.4), and WinSCP (fixed in version 5.17.10).

The researchers urged system operators to patch the flaws as soon as possible:

“Due to the diversity of client systems and their configuration states, it is crucial that every party involved takes on some amount of responsibility and adds their contribution in the form of mitigation measures.”

About the author

CIM Team
