Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)
In Summary : As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE b...
https://updatesinfosec.blogspot.com/2018/05/electron-windows-protocol-handler.html
In Summary :
As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run on Windows that register themselves as the default handler for a protocol and do not prepend dash-dash in the registry entry are affected. [...]
kindly refer the following link as follow up :
https://ift.tt/2s5v9H9
As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run on Windows that register themselves as the default handler for a protocol and do not prepend dash-dash in the registry entry are affected. [...]
kindly refer the following link as follow up :
https://ift.tt/2s5v9H9
