This video is about the RCE vulnerability in desktop clients of Microsoft Teams application. In describes multiple techniques like XSS via AngularJS client-side template injection and Electron renderer escape.

The bugs have been fixed since the end of October, 2020.

Writeup:
https://github.com/oskarsve/ms-teams-rce
The researcher:
https://www.linkedin.com/in/oskars-vegeris-b9b283125/

Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:27 Client-side template injection
02:08 Turning the XSS into an RCE

#RCE #Teams #MSTeams

Add comment

Your email address will not be published. Required fields are marked *