Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:MISC:VIBER-URI-HANDLER-RCE

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 APP

Keywords

 Viber for Desktop URI Handler Remote Code Execution

Release Date

 2019/08/01

Update Number

 3194

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Viber for Desktop URI Handler Remote Code Execution


This signature detects attempts to exploit a known vulnerability against Viber for Desktop. A successful attack can lead to remote code execution in the context of the application.

Extended Description

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Affected Products

  • Rakuten viber 10.1
  • Rakuten viber 10.2
  • Rakuten viber 10.3
  • Rakuten viber 10.4
  • Rakuten viber 10.5
  • Rakuten viber 10.6
  • Rakuten viber 10.6.0.32
  • Rakuten viber 3.0
  • Rakuten viber 3.0.0.132799
  • Rakuten viber 3.0.0.2300
  • Rakuten viber 4.0.0
  • Rakuten viber 4.0.3
  • Rakuten viber 4.2.2
  • Rakuten viber 5.1.0.847
  • Rakuten viber 5.1.2
  • Rakuten viber 5.2.0
  • Rakuten viber 5.3.0
  • Rakuten viber 5.4.0
  • Rakuten viber 5.9.0
  • Rakuten viber 5.9.1.1
  • Rakuten viber 6.0.0
  • Rakuten viber 6.0.5
  • Rakuten viber 6.1.0
  • Rakuten viber 6.1.1.2
  • Rakuten viber 6.2.0
  • Rakuten viber 6.3.0
  • Rakuten viber 6.4.1
  • Rakuten viber 6.6.1
  • Rakuten viber 6.7.2
  • Rakuten viber 6.8.5
  • Rakuten viber 6.9.1
  • Rakuten viber 6.9.5
  • Rakuten viber 7.0
  • Rakuten viber 7.5.0
  • Rakuten viber 7.6.0.1
  • Rakuten viber 7.7.0
  • Rakuten viber 7.8.0.1
  • Rakuten viber 7.9.0.3
  • Rakuten viber 7.9.5.1
  • Rakuten viber 8.0.0.1
  • Rakuten viber 8.0.0.4
  • Rakuten viber 8.2.0.1
  • Rakuten viber 8.2.0.8
  • Rakuten viber 8.3.0.3
  • Rakuten viber 8.5.0.5
  • Rakuten viber 8.6
  • Rakuten viber 8.7.0.7
  • Rakuten viber 8.7.1.3
  • Rakuten viber 8.8
  • Rakuten viber 9.0
  • Rakuten viber 9.1.0.6
  • Rakuten viber 9.2.0.6
  • Rakuten viber 9.3
  • Rakuten viber 9.4
  • Rakuten viber 9.5
  • Rakuten viber 9.6
  • Rakuten viber 9.6.5
  • Rakuten viber 9.7
  • Rakuten viber 9.7.5
  • Rakuten viber 9.8.5
  • Rakuten viber 9.9
  • Rakuten viber 9.9.4.14
  • Rakuten viber 9.9.6.46

References

  • CVE: CVE-2019-12569

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out