Back to directory

WRITEUP #4186

"Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams

RCEStored XSSCSP bypassCSTI

byOskars Vegeris

Program

Microsoft

Published

Dec 7, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://github.com/oskarsve/ms-teams-rce

▸ RELATED WRITEUPS

Type confusion attacks in ProseMirror editors

XSSType confusion

SSD Advisory – SonicWall SMA100 Stored XSS To RCE

RCEOS command injection

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat