This video is about the RCE vulnerability in desktop clients of Microsoft Teams application. In describes multiple techniques like XSS via AngularJS client-side template injection and Electron renderer escape.

The bugs have been fixed since the end of October, 2020.

The researcher:

Follow me on twitter:

00:00 Intro
00:27 Client-side template injection
02:08 Turning the XSS into an RCE

#RCE #Teams #MSTeams

Add comment

Your email address will not be published. Required fields are marked *