Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)

Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […] The post Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) appeared first on Security Affairs. Read More At -> https://blog.cripperz.sg/2018/05/25/electron-windows-protocol-handler-mitm-rce-bypass-for-cve-2018-1000006-fix/