header-logo
Suggest Exploit
vendor:
Gadu-Gadu Instant Messenger
by:
Unknown
5.5
CVSS
MEDIUM
File Extension Obfuscation
16
CWE
Product Name: Gadu-Gadu Instant Messenger
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:gadu-gadu:gadu-gadu
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Gadu-Gadu Instant Messenger File Extension Obfuscation Vulnerability

The Gadu-Gadu instant messenger application contains a weakness that allows attackers to obfuscate file extensions. This vulnerability can be exploited by sending potentially malicious executable files to users who believe they are harmless files.

Mitigation:

Users should exercise caution when downloading files from unknown sources and always verify the file extension before opening it. Additionally, using up-to-date antivirus software can help detect and block malicious files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11017/info

Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems.

It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attackers to obfuscate file extensions.

This may allow an attacker to send potentially malicious executable files to users who think that they are downloading files that are believed to be harmless. 

file.ext%20(220%20kB)%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe

Navigation

Suggest Exploit

Services By CQR