Argument Injection in AWS WorkSpaces Desktop Client URI Handler
We discussed this vulnerability during Episode 85 on 27 September 2021.
The AWS WorkSpaces desktop application registers a custom URI handler on the host system and does not properly sanitize the parameters it receives, leading to argument injection. Because the WorkSpaces client is based on the Chromium Embedded Framework, the debugging argument --gpu-launcher can be used to issue arbitrary commands.
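
The handler-side check whose absence this describes, as an added example (not AWS's code or its fix): the URI is parsed, every parameter is matched against an allowlist, and the process arguments are built as a list. The scheme `exampleapp`, the `connect` action, the client path, and the parameter and switch names are all hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SCHEME = "exampleapp"                 # hypothetical scheme, not the real client's
CLIENT = r"C:\ExampleApp\client.exe"  # hypothetical install path
# Allowlist: URI parameter -> (fixed client switch, pattern for the whole value)
ALLOWED = {
    "code": ("--registration-code", re.compile(r"[A-Za-z0-9]{1,32}")),
    "region": ("--region", re.compile(r"[a-z]{2}-[a-z]+-\d")),
}
# Characters that can end a quoted argument or start a new one on a command line.
RAW_FORBIDDEN = re.compile(r"[\s\"'\\\x00-\x1f]")


class RejectedURI(ValueError):
    """Raised when a URI must not be turned into a process launch."""


def build_argv(uri):
    """Return the argv list for the client, or raise RejectedURI."""
    if RAW_FORBIDDEN.search(uri):
        raise RejectedURI("raw quote, whitespace or backslash")
    parts = urlsplit(uri)
    if parts.scheme != SCHEME or parts.netloc != "connect" or parts.path or parts.fragment:
        raise RejectedURI("unexpected scheme, action or fragment")
    try:
        # parse_qsl percent-decodes, so the checks below see the decoded values.
        pairs = parse_qsl(parts.query, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise RejectedURI("malformed query") from exc
    argv, seen = [CLIENT], set()
    for name, value in pairs:
        if name not in ALLOWED or name in seen:
            raise RejectedURI(f"parameter not allowed or repeated: {name!r}")
        seen.add(name)
        switch, pattern = ALLOWED[name]
        if not pattern.fullmatch(value):
            raise RejectedURI(f"bad value for {name!r}")
        argv.append(f"{switch}={value}")  # exactly one argv element per parameter
    return argv  # hand this list to the process API; never join it into one string
```

Because the switches come only from the allowlist and each value must match its pattern in full, a parameter that decodes to extra text such as a second switch is rejected instead of reaching the Chromium command line.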