Security News > 2022 > April > Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal
2022-04-26 01:30

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution.

The flaw, now patched, made it possible to "Execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News.

Tracked as CVE-2021-22204, the high-severity vulnerability in question is a case of arbitrary code execution that arises from ExifTool's mishandling of DjVu files.

"The interesting part is every time we uploaded a file with a new hash containing a new payload, VirusTotal forwarded the payload to other hosts," the researchers said.

Cysource said it responsibly reported the bug through Google Vulnerability Reward Programs on April 30, 2021, following which the security weakness was immediately rectified.

Last year, GitLab fixed a critical flaw related to an improper validation of user-provided images, leading to arbitrary code execution.


News URL

https://thehackernews.com/2022/04/researchers-report-critical-rce.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2021-22204 Code Injection vulnerability in multiple products
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Virustotal 2 0 6 14 1 21