From reading the news and Twitter I just assumed someone found a Zoom RCE. Turns out, no. Bug 1: clickable links are in fact clickable. Bug 2 & 3: if an attacker already has access to your machine, they can do bad things.
What's MoTW stand for in this context? I tried to use that link style with http://bit.ly \\?\C:\Users\dade\Documents\exploit.bat and it just pulls up a bitly page and 404s. I'm on Zoom 4.6.7 (18176.0301) on Win 10 19592
Anyways, I hold your opinion in high regard and do agree that your link looks quite clickable. Just wondering what's causing me to not be able to reproduce it.
Much more informative and better descriptor of that issue than hash capturing. Especially with no prompt. Is the problem that original researchers stopped at UNC to hash or executable running?
