CVE-2019-12569

NONE EPSS 96.3%
Published Jun 3, 20197y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 3, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Threat Intelligence

EPSS Exploit Probability
96.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-426

Affected Products 1

VendorProductVersionRange
rakutenviber* <10.7.0

References 1

  • github.com https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-006.md

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.