exploitDog

CVE-2020-16087

Опубликовано: 13 авг. 2020

Источник: nvd

CVSS3: 8.6

CVSS2: 9.3

EPSS Низкий

Описание

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.

Ссылки

https://github.com/VNG-Zalo
Third Party Advisory
https://threatspike.com
Third Party Advisory
https://www.threatspike.com/blog/cve-2020-16087.html
Exploit
Third Party Advisory
https://github.com/VNG-Zalo
Third Party Advisory
https://threatspike.com
Third Party Advisory
https://www.threatspike.com/blog/cve-2020-16087.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:vng:zalo_desktop:19.8.1.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

8.6 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-rc98-2856-g86f

github

больше 3 лет назад

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.

EPSS

Процентиль: 38%

0.00168

Низкий

8.6 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-74