CPE matches: cpe:2.3:a:kakaocorp:kakaotalk:*:*:*:*:*:*:*:* && versionEndIncluding=220.127.116.114
Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 18.104.22.1684 or lower.
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
- Remote attacking is possible through the network and can be done by anyone (requires no authentication).
- Human user action interaction is required for the attack.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-20, Improper Input Validation:
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.