Cybersecurity researchers have revealed details of new vulnerabilities affecting Google’s Quick Share Data Transfer utility. This can be exploited to achieve a denial of service (DOS) without authorization or to send any file to the target device.
The defect tracked as CVE-2024-10668 (CVSS score: 5.9) is bypassing two of the 10 drawbacks first disclosed by Safebreach Labs in August 2024 under the name Quick Shell. Following the responsible disclosure in August 2024, it is addressed with Quickshare for Windows version 1.0.2002.2.
As a result of these 10 vulnerabilities, collectively tracked as CVE-2024-38271 (CVSS score: 5.9) and CVE-2024-38272 (CVSS score: 7.1) could have been made into an exploit chain to obtain arbitrary code execution on a Windows host.
Quick Share (formerly nearby shares) is a peer-to-peer file sharing utility similar to Apple Airdrop, allowing users to transfer files, photos, videos and other documents in close, physical proximity between Android devices, Chromebooks, and Windows desktops and laptops.
A follow-up analysis by a cybersecurity company confirmed that the two vulnerabilities were not corrected correctly, and that the application could crash again or that the file would have to be sent directly to the device to accept file transfer requests.
Specifically, DOS bugs can be triggered using a filename that begins with a different invalid UTF8 continuation byte (e.g. “\xc5 \xff”) instead of a filename that begins with a null terminator (“\x00”).
Meanwhile, the first fix for unauthorized files was to mark such transferred files called “Unknown” after the file transfer session was complete and then removed them from disk.
According to Safebreach researchers or Yair, this could be avoided by sending two different files in the same session using the same “payload ID” and the application will delete only one of them and leave the other files unharmed in the download folder.
“This research is specific to Quick Share Utility, but we believe its impact is relevant across the software industry, suggesting that vendors should always address the true root causes of vulnerabilities that they fix, even when the code is complex,” Yair said.
Source link
