Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows. Tracked as CVE-2020-3495 and featuring a CVSS score of 9.9, the flaw can be exploited remotely without authentication by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to a vulnerable application.

The issue exists because the software fails to properly validate message contents. An attacker able to successfully exploit the vulnerability could execute arbitrary programs on the target system, likely gaining code execution capabilities, Cisco says.

Watchcom, the security firm that identified the flaw in the video conferencing and instant messaging application, explains that the code execution is the result of Cross Site Scripting (XSS) through XHTML-IM messages.
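The kind of message-content validation whose absence is described above can be sketched as an allowlist sanitizer for an incoming XHTML-IM body. This is an added example, not Cisco's or Watchcom's code; the element and attribute allowlist, the permitted URL schemes and the sample message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XHTML_NS = "http://www.w3.org/1999/xhtml"
# Assumed allowlist (element -> permitted attributes); not Cisco's actual rules.
ALLOWED = {"body": set(), "p": set(), "span": set(), "br": set(), "em": set(),
           "strong": set(), "ul": set(), "ol": set(), "li": set(), "a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto", "xmpp"}

def _safe_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

def _clean(elem):
    """Return a sanitized copy of elem, or None if the element is not allowlisted."""
    ns, _, tag = elem.tag.rpartition("}")
    if ns != "{" + XHTML_NS or tag not in ALLOWED:
        return None  # script, iframe, foreign namespaces, ...
    out = ET.Element(tag)
    out.text = elem.text
    for name, value in elem.attrib.items():
        # Drops event handlers, style, and anything else not explicitly permitted.
        if name in ALLOWED[tag] and (name != "href" or _safe_url(value)):
            out.set(name, value)
    for child in elem:
        kept = _clean(child)
        if kept is not None:
            kept.tail = child.tail
            out.append(kept)
        elif child.tail:  # keep the text that followed a dropped element
            if len(out):
                out[-1].tail = (out[-1].tail or "") + child.tail
            else:
                out.text = (out.text or "") + child.tail
    return out

def sanitize_xhtml_im(payload):
    """Validate an untrusted XHTML-IM body and return allowlisted markup only."""
    if "<!" in payload:  # no DTDs, entity declarations, comments or CDATA
        raise ValueError("prohibited XML construct")
    clean = _clean(ET.fromstring(payload))
    if clean is None or clean.tag != "body":
        raise ValueError("root must be an XHTML body element")
    clean.set("xmlns", XHTML_NS)
    return ET.tostring(clean, encoding="unicode")

# Constructed sample message body, for illustration only.
SAMPLE = ('<body xmlns="http://www.w3.org/1999/xhtml"><p onclick="x()">hi '
          '<a href="javascript:x()">link</a><script>x()</script> there '
          '<a href="https://example.com/">ok</a></p></body>')
```

Malformed XML raises `ET.ParseError`, which a caller should treat the same as a `ValueError`: discard the rich-text body and fall back to the message's plain-text form.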