This video is about the RCE vulnerability in desktop clients of Microsoft Teams application. In describes multiple techniques like XSS via AngularJS client-side template injection and Electron renderer escape.
The bugs have been fixed since the end of October, 2020.
Writeup:
https://github.com/oskarsve/ms-teams-rce
The researcher:
https://www.linkedin.com/in/oskars-vegeris-b9b283125/
Follow me on twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:27 Client-side template injection
02:08 Turning the XSS into an RCE
#RCE #Teams #MSTeams
Add comment