CVE ID | |
CVSS SCORE | 7.2, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
AFFECTED VENDORS |
Microsoft |
AFFECTED PRODUCTS |
Teams |
VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams Desktop. To exploit this vulnerability, an attacker must first obtain the ability to execute arbitrary JavaScript inside an iframe within the application window. The specific flaw exists within the protection of the top ElectronJS frame. By performing actions in JavaScript, an attacker can navigate the top frame to a malicious page, thereby gaining access to internal application objects. An attacker can leverage this vulnerability to execute code in the context of the current process. |
ADDITIONAL DETAILS |
Fixed in version 1.4.00.11161 |
DISCLOSURE TIMELINE |
|
CREDIT | oskarsv |
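
The class of flaw described above (script in an embedded frame redirecting the top ElectronJS frame) is commonly mitigated in an Electron application's main process by vetoing top-frame navigations that leave an allowlisted origin. The following is an added example, not code from this advisory or from Microsoft's fix; `ALLOWED_ORIGINS`, `isAllowedTopNavigation` and `guardTopFrame` are hypothetical names, and the origin shown is a placeholder.

```javascript
// Added example: main-process guard for Electron top-frame navigation.
// The allowlisted origin is a placeholder, not a value from the advisory.
const ALLOWED_ORIGINS = new Set(['https://app.example.test']);

// Returns true only for https URLs whose exact origin is allowlisted.
function isAllowedTopNavigation(rawUrl, allowed = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparsable targets are rejected outright
  }
  // Rejects file:, data:, javascript:, http: and custom schemes.
  if (url.protocol !== 'https:') return false;
  // Reject userinfo so "https://allowed@other-host/" cannot mislead reviewers or logs.
  if (url.username || url.password) return false;
  // Compare the parsed origin, never a string prefix of the raw URL.
  return allowed.has(url.origin);
}

// Attach to BrowserWindow.webContents. Electron emits 'will-navigate' when
// the page (including script that reaches window.top) starts a main-frame
// navigation; preventDefault() cancels it before the new page loads.
function guardTopFrame(webContents, onBlocked = () => {}) {
  webContents.on('will-navigate', (event, url) => {
    // Newer Electron versions also expose the target as event.url.
    const target = url ?? event.url;
    if (!isAllowedTopNavigation(target)) {
      event.preventDefault();
      onBlocked(target); // hook for logging or telemetry
    }
  });
  return webContents;
}
```

Embedding untrusted content in an iframe with a `sandbox` attribute that omits `allow-top-navigation` complements this check on the renderer side.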