Windows 10 RCE: The exploit is in the link ($5000 USD)
Original Post:
We discussed this vulnerability during Episode 107 on 13 December 2021
There is an argument injection within the ms-officemd
URI scheme (available by default on WIndows 10 and 11) used by MS Office applications to launch other Office apps. By targeting the MS Teams Electron application one could leverage the --gpu-launcher
argument for arbitrary command injection without any hassle.