CVE-2019-1855— Cisco Jabber for Windows 权限许可和访问控制问题漏洞

Cisco Jabber for Windows DLL Preloading Vulnerability

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.

N/A

权限、特权和访问控制

Cisco Jabber for Windows 权限许可和访问控制问题漏洞

Cisco Jabber for Windows是美国思科（Cisco）公司的一套用于Windows平台的统一通信客户端解决方案。该方案提供了在线状态显示、即时消息、语音等功能。 Cisco Jabber for Windows 12.6(0)之前版本中的加载机制存在代码问题漏洞，该漏洞源于在运行时，程序没有充分地验证该应用程序所加载的资源。本地攻击者可借助恶意的DLL文件利用该漏洞以其他用户权限在目标设备上执行任意代码。

N/A

N/A