Security researchers have disclosed a vulnerability in the VirusTotal platform that could be exploited by an attacker to achieve remote code execution (RCE) on the machines that scan uploaded files.
VirusTotal is a service that scans suspicious files and URLs with more than 70 third-party antivirus engines. In the attack described by the researchers, the attacker simply uploads a crafted DjVu file (a scanned-document image format) through the platform's web user interface. ExifTool identifies file formats from their contents rather than from the extension, so the file does not even need to carry a .djvu extension.
Processing that file triggers a high-severity vulnerability in ExifTool, an open-source utility for reading and editing EXIF and other metadata in images, PDFs and many other document types. Because several scanning engines invoke ExifTool on every submitted file, uploading the file is enough to get it parsed.
The flaw is CVE-2021-22204 (CVSS score 7.8), an arbitrary code execution bug in ExifTool's DjVu parser that was fixed in ExifTool 12.24: the parser effectively evaluated attacker-controlled annotation metadata taken from the file as Perl code. Any scanning engine that ran a vulnerable ExifTool version against the uploaded file therefore executed the payload embedded in the file's metadata.
By exploiting this vulnerability the researchers reported obtaining a shell, with high-level privileges, inside the scanning environment of several engines. Google has stated that the code ran inside the third-party scanners' own sandboxes rather than in VirusTotal's infrastructure, a caveat worth keeping in mind when assessing the impact.
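The payload reaches ExifTool through the DjVu file's annotation metadata, so a service that accepts uploads can screen for that before any metadata extractor runs. The following Python script is an added example written for this article, not code from VirusTotal, ExifTool or the researchers: it walks the DjVu container, extracts the uncompressed annotation (ANTa) chunks and flags any that contain Perl-looking constructs. The container layout (AT&T/FORM header, four-byte big-endian chunk lengths, even-byte padding) follows the DjVu format; the list of suspicious patterns, the sample files and their chunk contents are constructed assumptions for the demonstration.

```python
"""Screen DjVu uploads for annotation chunks that carry Perl-like code.

Added example for this article; not ExifTool's, VirusTotal's or the
researchers' code. The sample files below are constructed inline.
"""
from __future__ import annotations

import re
import struct

DJVU_MAGIC = b"AT&T"

# Perl constructs that have no business inside document annotation text.
# Assumption: any of these in an ANTa chunk is worth quarantining for review;
# the list is illustrative, not exhaustive.
SUSPICIOUS = re.compile(
    rb"qx[{(]|`|\bsystem\s*\(|\bexec\s*\(|\beval\s*[({]|\bopen\s*\("
)


def iter_chunks(data: bytes):
    """Yield (chunk_id, payload) for each top-level chunk of a DjVu file.

    Handles the single-page layout: AT&T, FORM, u32 length, DJVU, chunks.
    Multi-page DJVM containers nest further FORM chunks and are not walked here.
    """
    if data[:4] != DJVU_MAGIC or data[4:8] != b"FORM":
        raise ValueError("not a DjVu file")
    (form_len,) = struct.unpack(">I", data[8:12])
    form_end = min(12 + form_len, len(data))
    pos = 16  # skip the secondary identifier (DJVU/DJVM/...)
    while pos + 8 <= form_end:
        chunk_id = data[pos:pos + 4]
        (length,) = struct.unpack(">I", data[pos + 4:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end > form_end:
            raise ValueError(f"truncated chunk {chunk_id!r}")
        yield chunk_id, data[start:end]
        pos = end + (length & 1)  # chunks are padded to an even boundary


def annotations(data: bytes) -> list[bytes]:
    """Return the payloads of all uncompressed annotation (ANTa) chunks."""
    return [payload for cid, payload in iter_chunks(data) if cid == b"ANTa"]


def has_compressed_annotations(data: bytes) -> bool:
    """True if the file carries BZZ-compressed (ANTz) annotations we cannot inspect here."""
    return any(cid == b"ANTz" for cid, _ in iter_chunks(data))


def suspicious_annotations(data: bytes) -> list[bytes]:
    """Return the ANTa payloads that contain Perl-looking code."""
    return [a for a in annotations(data) if SUSPICIOUS.search(a)]


def build_djvu(chunks: list[tuple[bytes, bytes]]) -> bytes:
    """Assemble a minimal single-page DjVu container (test fixture, not a real image)."""
    body = b"DJVU"
    for cid, payload in chunks:
        body += cid + struct.pack(">I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"
    return DJVU_MAGIC + b"FORM" + struct.pack(">I", len(body)) + body


# Constructed samples. INFO is a 10-byte placeholder (all fields zero).
INFO = bytes(10)
BENIGN = build_djvu([
    (b"INFO", INFO),
    (b"ANTa", b'(metadata (Author "Ada Lovelace") (Title "Notes"))'),
])
# Assumed shape of an exploitation attempt: a quoted metadata value that
# breaks out of the string and concatenates a qx{} command.
MALICIOUS = build_djvu([
    (b"INFO", INFO),
    (b"ANTa", b'(metadata (Copyright "\\" . qx{id} . \\""))'),
])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
        hits = suspicious_annotations(sample)
        print(f"{name}: {'FLAGGED ' + repr(hits) if hits else 'clean'}")
```

Two limitations matter in practice: compressed ANTz annotations need BZZ decompression before they can be inspected, so a scanner should treat a file that has them as unverified rather than clean, and multi-page DJVM containers nest per-page FORMs that this walker does not descend into. Screening like this complements, rather than replaces, running a patched ExifTool (12.24 or later) inside an unprivileged sandbox.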
ExifTool has been a conduit for remote code execution before, beyond this VirusTotal case.
CVE-2021-22205, a critical GitLab vulnerability with a CVSS score of 10, was fixed in April 2021. GitLab passed user-uploaded images to ExifTool without properly validating that they were actually images, so a DjVu file disguised as an image reached the same vulnerable parser and led to arbitrary code execution on the GitLab server. The practical lesson for any service that runs metadata extractors on untrusted uploads is the same in both cases: keep ExifTool at 12.24 or later, and run the extractor in an unprivileged, isolated environment so that a parser bug does not become a foothold on the host.