It's a fun bug for sure, but I don't understand why it's being called "RCE", isn't it more accurately "LPE"?
-
Nope, because that one needs prior code execution to exploit (e.g. you need SSH, which by design only gives code execution). This one uses 445, which by design *doesn’t* allow code execution - poor service ACLs and WebEx design allow the code execution.
-
If you already have valid user creds for the box, then you already have code execution. This bug is privilege escalation, unless I’m missing something here.
-
You don’t have remote code execution by default with valid domain user creds.