5 matches found
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
Cross site request forgery (csrf)
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 is affected by an issue in its custom URI handler due to improper quoting, connected to an incomplete fix for CVE-2019-12569. A malicious site could launch Viber with arbitrary parameters, forcing a victim to initiate an NTLM authentication request, potentially r...
CVE-2019-12569
CVE-2019-12569 affects Viber for Desktop (Windows) prior to 10.7.0, due to unsafe search paths in the URI handler. A targeted user must click a malicious link; successfully, the app loads libraries from the URI-specified directory and could execute arbitrary commands with the user’s privileges. C...