Cybersecurity researchers have disclosed details of a new vulnerability affecting Google's Quick Share data transfer utility for Windows that could be exploited to cause a denial-of-service (DoS) or to send arbitrary files to a target's device without approval.
The flaw, tracked as CVE-2014-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by SafeBreach Labs in August 2024 under the name QuickShell. It was addressed in Quick Share for Windows version 1.0.2002.2 following responsible disclosure in August 2024.
These 10 vulnerabilities, collectively tracked as CVE-2024-38271 (CVSS score: 5.9) and CVE-2014-38272 (CVSS score: 7.1), could have been fashioned into an exploit chain to obtain arbitrary code execution on Windows hosts.
Quick Share (previously Nearby Share) is a peer-to-peer file-sharing utility similar to Apple AirDrop that allows users to transfer files, photos, videos, and other documents between Android devices, Chromebooks, and Windows desktops and laptops in close physical proximity.
A follow-up analysis by the cybersecurity company found that two of the vulnerabilities had not been fixed correctly, which once again made it possible to crash the application or to bypass the need for the recipient to accept a file transfer request, with the file transferred directly to the device instead.
In particular, the DoS bug can be triggered by using a file name that starts with a different invalid UTF-8 byte (e.g., "\xc5\xff") instead of a file name that begins with a NULL terminator ("\x00").
The initial fix for the unauthorized file write vulnerability, on the other hand, marked such transferred files as "unknown" and deleted them from disk after the file transfer session was complete.
This, according to SafeBreach researcher Or Yair, can be bypassed by sending two different files in the same session with the same "payload", causing the application to delete only one of them and leave the other in the Downloads folder.
“Although this research is specific to Quick Share, we believe the implications are relevant to the software industry as a whole and believe that even when the code is complex, vendors should always address the true root cause of the vulnerabilities they fix,” Yair said.
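The two incomplete fixes described above (the file name check and the cleanup of unapproved files) can be modelled in a few lines. The following is an added illustration, not Quick Share's code: `ReceiveSession`, the numeric payload identifier used as the tracking key, and the sample file names are assumptions made for the model. It contrasts a check that blocks only the reported input with one that validates the whole name, and cleanup keyed by an identifier with cleanup keyed by path.

```python
import os
import tempfile

def narrow_name_check(raw: bytes) -> bool:
    # Models a patch that blocks only the originally reported input.
    return not raw.startswith(b"\x00")

def strict_name_check(raw: bytes) -> bool:
    # Root-cause check: the whole name must decode as UTF-8 and be a plain name.
    try:
        name = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    if name in ("", ".", ".."):
        return False
    return not any(c in name for c in ("\x00", "/", "\\"))

class ReceiveSession:
    # Hypothetical model of a receiver that writes files before approval.
    def __init__(self, folder: str, track_by_path: bool):
        self.folder = folder
        self.track_by_path = track_by_path
        self.unapproved = {}  # cleanup list: key -> path on disk

    def write_unapproved(self, payload_id: int, name: str, data: bytes) -> None:
        path = os.path.join(self.folder, name)
        with open(path, "wb") as fh:
            fh.write(data)
        # Keyed by payload_id (assumed), a repeated id replaces the earlier entry.
        key = path if self.track_by_path else payload_id
        self.unapproved[key] = path

    def close(self) -> list:
        for path in self.unapproved.values():
            os.remove(path)
        self.unapproved.clear()
        return sorted(os.listdir(self.folder))  # whatever survived cleanup

def leftover_files(track_by_path: bool) -> list:
    # Constructed input: two different files sharing one payload id.
    with tempfile.TemporaryDirectory() as folder:
        session = ReceiveSession(folder, track_by_path)
        session.write_unapproved(7, "first.bin", b"one")
        session.write_unapproved(7, "second.bin", b"two")
        return session.close()

if __name__ == "__main__":
    print(narrow_name_check(b"\xc5\xff"), strict_name_check(b"\xc5\xff"))
    print(leftover_files(False), leftover_files(True))
```

In this model the narrow check accepts the invalid UTF-8 name that the strict check rejects, and only path-keyed tracking removes both files when the session closes.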