Zero-day vulnerability in Telegram (Analysis )

Discussion in '0-day Release' started by RGiskardR, Feb 14, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    [​IMG]
    In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.

    Right-to-left override in a nutshell

    The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.

    New Mac Malware uses Right-to-Left override character (U+202E) to cause OS X to display this… http://t.co/wGxuRK1ReG pic.twitter.com/DWfPOYkZgO

    — Mikko Hypponen (@mikko) 15 июля 2013 г.

    Full source: https://securelist.com/zero-day-vulnerability-in-telegram/83800/
     
    Der.Reisende and silversurfer like this.
  2. Google Adsense

Share This Page