Posts Tagged ‘bypass’

Microsoft Office 2007 Groove Security Bypass / Code Execution

Microsoft Office 2007 Groove contains a security bypass issue regarding ‘Workspace Shortcut’ files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only ‘grooveTelespace://’ URLs should be allowed, which allows execution of arbitrary code upon opening a ‘GLK’ file. Source: Microsoft Office 2007 Groove Security Bypass / Code Execution


Microsoft Edge DuplicateHandle ACG Bypass

ACG (Arbitrary Code Guard) in Microsoft Edge is bypassable. The bypass has been tested on Microsoft Edge 40.15063.0.0 running on Windows 10 Enterprise 64-bit with Creators Update (Version 1703, OS build 15063.413). Source: Microsoft Edge DuplicateHandle ACG Bypass