The following describes a vulnerability in VK Messenger that is triggered through an improperly handled URI.
VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages and events, share and tag images, audio and video, and to play browser-based games. It is based in Saint Petersburg, Russia”.
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
VK Messenger version 220.127.116.11
The vendor responded that the problem no longer affects the latest version – but didn’t provide any information on when it was fixed and whether it was fixed due to someone else reporting this vulnerability.