Security Advisory

CVE-2020-14049

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-22 17:27:35

Last updated 2024-08-04 12:32:14

Assigner mitre

State PUBLISHED

Description

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.

← Browse all CVEs View on cve.org ↗