Update : Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
2019-07-02 13:46:02 Author: medium.com(查看原文) 阅读量:504 收藏
2019-07-02 13:46:02 Author: medium.com(查看原文) 阅读量:504 收藏
Found another vulnerable parameter where Microsoft Teams do remote download and execute payload.
Vulnerable parameter : %localappdata%/Microsoft/Teams/update.exe — updateRollback=[URL to package] %localappdata%/Microsoft/Teams/current/squirrel.exe — updateRollback=[URL to package]
Note : It is affecting wide usage of squirrel packages, Hope Microsoft Teams will be fixed as soon as possible.
文章来源: https://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh