
VirusTotal Breached Shockingly Easily

Researchers discovered a vulnerability in the VirusTotal platform that might have allowed attackers to use it to gain remote code execution (RCE) on unpatched third-party sandbox machines running antivirus engines.

VirusTotal flawed

According to Cysource researchers, the flaw made it possible to execute commands remotely within the VirusTotal platform and gain access to its numerous scanning capabilities.

VirusTotal, a malware-scanning service run by Google’s Chronicle security subsidiary, analyses suspicious files and URLs and tests them for viruses using more than 70 third-party antivirus engines.

How access was acquired

The attack method involved uploading a DjVu file through the platform’s web user interface. When the file was passed to multiple third-party malware scanning engines, it could trigger an exploit for a high-severity remote code execution flaw in ExifTool, an open-source utility for reading and editing EXIF metadata in image and PDF files.

The high-severity vulnerability in question is CVE-2021-22204 (CVSS score: 7.8), and it is a case of arbitrary code execution caused by ExifTool’s mishandling of DjVu files. The problem was fixed in a security update provided on April 13, 2021 by the project’s maintainers.

According to the researchers, exploiting the flaw this way yielded a reverse shell on affected machines belonging to several antivirus engines that had not yet been patched against the remote code execution vulnerability.

The vulnerability does not affect VirusTotal itself; its founder, Bernardo Quintero, confirmed in a published statement that this is the intended behaviour. The code execution occurs not in the platform, but in the third-party scanning systems that analyse and execute the samples. The company also stated that it uses an ExifTool version that is not affected by the issue.
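The lesson for anyone operating a scanning stage like the third-party engines described above is that the metadata parser, not the front end, is the exposed component. The following gatekeeper is an added example written for this article; it is not VirusTotal’s, Cysource’s or any antivirus vendor’s code. It assumes a pipeline that hands uploads to the ExifTool command-line tool, classifies each upload by its leading bytes rather than its file name, checks the installed ExifTool version against a minimum fixed version that the operator supplies from the project’s advisory (the article gives the date of the fix but not the version number, so the policy value is left as a placeholder and the stage fails closed when it is unset), and runs the parser without a shell and with a hard timeout. The DjVu header in the usage block is constructed for illustration, not taken from a real sample.

```python
"""Gatekeeper for a metadata-scanning stage (added example, not code from the article
or from any scanning vendor).  Assumes uploads are passed to the ExifTool CLI."""
import re
import subprocess
from typing import Optional, Tuple

# Content signatures, taken from the public layouts of the formats (not from any sample).
DJVU_MAGIC = b"AT&TFORM"          # IFF-style container used by DjVu; chunk type at offset 12
JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PDF_MAGIC = b"%PDF-"

# Placeholder policy value: set to the ExifTool release named in the project's
# April 13, 2021 security update for CVE-2021-22204.  Left unset here because the
# article does not state it; an unset policy makes the stage fail closed below.
MIN_FIXED_VERSION: Optional[str] = None


def sniff_format(data: bytes) -> str:
    """Classify an upload by its leading bytes, ignoring the claimed extension.
    ExifTool decides how to parse a file from its content, so the gatekeeper must
    recognise DjVu the same way instead of trusting a '.jpg' name."""
    if data.startswith(DJVU_MAGIC) and data[12:15] == b"DJV":
        return "djvu"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    return "unknown"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.40' (as printed by `exiftool -ver`) into (12, 40).  Comparing as
    integer tuples avoids the string-comparison mistake where '12.9' > '12.24'."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_patched(installed: str, minimum: str) -> bool:
    """True when the installed ExifTool is at or above the minimum fixed version."""
    return parse_version(installed) >= parse_version(minimum)


def exiftool_version(exe: str = "exiftool") -> Optional[str]:
    """Ask the installed binary for its version; None when it cannot be determined."""
    try:
        out = subprocess.run([exe, "-ver"], capture_output=True, text=True,
                             timeout=10, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip()


def triage_upload(data: bytes, installed_version: Optional[str],
                  minimum: Optional[str] = MIN_FIXED_VERSION) -> str:
    """Decide what the scanning stage may do with an upload:
      'reject'     - not a format this stage handles at all
      'quarantine' - DjVu content while the parser is unpatched, its version is
                     unknown, or no minimum version policy has been configured
      'scan'       - safe to hand to the metadata parser
    """
    fmt = sniff_format(data)
    if fmt == "unknown":
        return "reject"
    if fmt == "djvu":
        if installed_version is None or minimum is None:
            return "quarantine"          # fail closed when the facts are missing
        if not is_patched(installed_version, minimum):
            return "quarantine"
    return "scan"


def scan_metadata(path: str, exe: str = "exiftool", timeout: int = 30) -> str:
    """Run the parser with an argument list (no shell), a hard timeout and stdin
    closed, so a hostile sample cannot hang the stage or reach an interactive channel.
    Returns ExifTool's JSON output (the -j flag)."""
    result = subprocess.run([exe, "-j", path], capture_output=True, text=True,
                            timeout=timeout, stdin=subprocess.DEVNULL)
    if result.returncode != 0:
        raise RuntimeError(f"exiftool failed: {result.stderr.strip()}")
    return result.stdout


if __name__ == "__main__":
    # Constructed sample: a minimal DjVu header, not a real file from the article.
    sample = b"AT&TFORM" + b"\x00\x00\x00\x10" + b"DJVU" + b"\x00" * 16
    print("format:", sniff_format(sample))
    print("decision:", triage_upload(sample, exiftool_version()))
```

With `MIN_FIXED_VERSION` unset the stage quarantines every DjVu upload, which is the right default for a parser whose patch status is not yet known; once the operator fills in the version from the ExifTool advisory, only engines running an older build keep quarantining. The version check is deliberately separate from the content sniffing so that each can be reused, for example as a periodic health check across a fleet of scanning nodes.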

This isn’t the first time the ExifTool vulnerability has been used to gain remote code execution. Last year, GitLab patched a severe bug (CVE-2021-22205, CVSS score: 10.0) that allowed arbitrary code execution due to poor validation of user-provided images.


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.