Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities. Two of the four flaws can be exploited to gain remote code execution (RCE) on target systems by sending specially crafted chat messages in group conversations or specific individuals. The most severe of the lot is a flaw (CVE-2020-3495, CVSS score 9.9) that’s caused by improper validation of message contents, which could be leveraged by an attacker.
Source: https://thehackernews.com/2020/09/cisco-jabber-hacking.html