June 30, 2022

There’s a safety vulnerability within the VirusTotal platform that has been found by researchers, and it has the potential to be exploited by an attacker to conduct RCE.

Shai Alfasi & Marlon Fabiano da Silva from the Cysource analysis crew has said:-

“They discovered a technique to execute instructions remotely inside VirusTotal platform and acquire entry to its numerous scans capabilities.”

Technical Evaluation


VirusTotal is a service that makes use of over 70 totally different third-party antivirus merchandise to scan suspicious information and URLs for viruses. Right here, by means of the platform’s net consumer interface, an attacker uploads a DjVu file to the platform to be able to conduct the assault.

An exploit may be triggered with this to be able to exploit a high-severity vulnerability within the ExifTool. Utilizing ExifTool, one can learn and edit EXIF metadata data in each scanned pictures and PDF information. ExifTool is an open-source utility.

When the ExifTool was executed, the attackers have been planning on utilizing the CVE-2021-22204, which might trigger these scanners to run the payload as quickly because the CVE-2021-22204 (CVSS rating: 7.8) was triggered.

By exploiting this vulnerability an attacker can acquire entry to the next issues with high-level privileges:-

  • Google-controlled atmosphere.
  • Over 50 inner hosts.

On April 30, 2021, Cysource reported the bug to Google’s Vulnerability Reward Packages (VRP). Nevertheless, the loophole was instantly mounted as soon as the loophole was reported.

ExifTool has not solely been focused as a conduit for distant code execution previously nevertheless it has additionally been used for different functions.

See also  Ubuntu Desktop & Home windows 11 Hacked – Pwn2Own Day 3

A important vulnerability “CVE-2021-22205,” with a CVSS rating of 10 was mounted final yr in GitLab. It’s a flaw that’s triggered by improper validation of user-provided pictures, resulting in the execution of arbitrary code.

You possibly can observe us on Linkedin, TwitterFb for day by day Cybersecurity and hacking information updates.