Cisco has patched its Jabber conferencing and messaging program against a critical vulnerability that makes it easy for attackers to run malicious code that could spread from computer to computer with no user interaction needed. Again.
The vulnerability, which was revealed in September, was the consequence of multiple flaws found by investigators at security company Watchcom Security. To begin with, the program failed to correctly filter potentially malicious components in user-sent messages. The filter was based on an incomplete blocklist that could be bypassed with a programming attribute called onanimationstart.
Messages that included the attribute were passed to the DOM of the embedded browser. Because the browser was built on the Chromium Embedded Framework, it could execute any scripts that made it through the filter.
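The blocklist weakness described above, shown as an added example that is not part of the original article and is not Cisco's or Watchcom's code: a constructed blocklist filter lets onanimationstart through, while an allowlist filter drops it. The filter names, the tag and attribute lists, and the sample message are all assumptions made for illustration.

```javascript
// Added illustration: every name, list and sample below is constructed.
// Simplified regex tokenizer; a production filter should use a real HTML parser.
const BLOCKED_ATTRS = new Set(['onclick', 'onerror', 'onload', 'onmouseover']);
const ALLOWED_TAGS = new Set(['b', 'i', 'span']);
const ALLOWED_ATTRS = new Set(['class', 'title']);

const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s=>\/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
const ATTR = /([^\s=>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

function parseAttrs(raw) {
  return [...raw.matchAll(ATTR)].map((m) => ({
    name: m[1].toLowerCase(),
    value: m[2] ?? m[3] ?? m[4] ?? '',
  }));
}

function rebuild(close, tag, attrs) {
  if (close) return `</${tag}>`;
  return `<${tag}${attrs.map((a) => ` ${a.name}="${escapeHtml(a.value)}"`).join('')}>`;
}

// Weak: removes only the handlers someone remembered to list.
function blocklistFilter(html) {
  return html.replace(TAG, (_, close, tag, raw) =>
    rebuild(close, tag, parseAttrs(raw).filter((a) => !BLOCKED_ATTRS.has(a.name))));
}

// Hardened: escapes everything, then re-emits only known tags and attributes.
function allowlistFilter(html) {
  let out = '', last = 0;
  for (const m of html.matchAll(TAG)) {
    out += escapeHtml(html.slice(last, m.index));
    const tag = m[2].toLowerCase();
    out += ALLOWED_TAGS.has(tag)
      ? rebuild(m[1], tag, parseAttrs(m[3]).filter((a) => ALLOWED_ATTRS.has(a.name)))
      : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(html.slice(last));
}

// Constructed sample message; handler() is a placeholder, not a real payload.
const SAMPLE = '<span class="note" onclick="handler()" onanimationstart="handler()">hi</span>';
console.log(blocklistFilter(SAMPLE)); // onanimationstart survives
console.log(allowlistFilter(SAMPLE)); // only class survives
```

The allowlist version fails closed: an event handler added to the platform later is dropped without anyone having to update a list.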