URL: https://thecyberthrone.in/2021/12/08/windows-drive-by-rce-haunts/
Submission: On December 09 via api from US — Scanned from DE
THECYBERTHRONE
Security


WINDOWS DRIVE-BY RCE HAUNTS.!

Date: December 8, 2021 | Author: PravinKarthik

A drive-by remote code execution (RCE) vulnerability in Windows 10 that can be
triggered simply by clicking a malicious URL could allow attackers full access
to a victim’s files and data.

The security flaw, an argument injection in the Windows 10/11 default handler
for ms-officecmd: URIs, is reachable on Windows 10 through the Internet Explorer
11/Edge Legacy browsers and through Microsoft Teams.

Microsoft has since released a patch, but the researchers claim that the fix,
applied five months after the bug report, “fails to properly address the
underlying argument injection which is currently also still present on Windows
11”.

Windows internally uses ms-officecmd: URIs to start various Microsoft programs.
The researchers showed that a URL can be crafted so that, when clicked, it
executes a malicious command while also starting Microsoft Teams.

Chained together with a security issue in Internet Explorer 11/Edge Legacy,
visiting a malicious website is enough to trigger the exploit. The researchers
also warned that this vulnerability is still present in the operating system.

The attack starts with the victim either visiting a malicious website in IE11/Edge
Legacy or clicking a malicious link in another browser or desktop application.
The link is then forwarded to LocalBridge.exe, which in turn runs various Office
executables with a segment of the link as an argument.

In the researchers' words: “The possibility to inject additional arguments
exists, which allowed us to achieve code execution by triggering the launch of
Microsoft Teams with an additional --gpu-launcher argument that is then
interpreted by Electron.”

Exploitation through other browsers requires the victim to accept an
inconspicuous confirmation dialog. Alternatively, a malicious URI could also be
delivered via a desktop application performing unsafe URL handling. However, a
precondition for this exploit is to have Microsoft Teams installed but not
running.

When the issue was reported, Microsoft told the team that, because this was a
social engineering attack, it was not eligible for a bug bounty reward. A
lengthy appeal process eventually resulted in the researchers being awarded a
$5,000 reward, a figure they argued was still insufficient, since it was just
10% of the maximum reward.

Although the proof-of-concept no longer works, the argument injection
vulnerability has not been patched.
Tags: Internet Explorer, Malicious link, Microsoft, RCE, Security Threat, Vulnerability, Windows 10, Windows 11
© 2021 TheCyberThrone