Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Viber 代码问题漏洞
Vulnerability Description
Viber是一套跨平台的即时通信软件。 Viber 13.2.0.39及之前版本(Windows)中存在安全漏洞,该漏洞源于未正确引用其自定义的URI处理程序。攻击者可借助恶意的网站,使用户发送NTLM身份验证请求利用该漏洞回放该请求,执行代码或捕获哈希值进行离线密码破解。
CVSS Information
N/A
Vulnerability Type
N/A