Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  login

Programmers do it bit by bit.

computers / rocksolid.shared.security / Re: https://github.com/oskarsve/ms-teams-rce

SubjectAuthor
* zero-click, wormable, cross-platform remote code execution in MicrosofAnonymous
+- https://github.com/oskarsve/ms-teams-rceAnonymous
+- NoneAnonymous
+* NoneAnonymous
|`- Re: NoneAnonymous
+- NoneAnonymous
+- NoneAnonymous
`- Re: https://github.com/oskarsve/ms-teams-rceAnonymous

1
https://github.com/oskarsve/ms-teams-rce
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: https://github.com/oskarsve/ms-teams-rce
Date: Mon, 07 Dec 2020 12:12:06 -0800
Organization: def5
Message-ID: <opsec.748.3bddhb@anon.com>
References: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="14288"; mail-complaints-to="usenet@def5.org"
Xref: rslight2 rocksolid.shared.security:174
 by: Anonymous - Mon, 7 Dec 2020 20:12 UTC

>>9dbdb33d5ce38807fe
damn, forgot the link:

https://github.com/oskarsve/ms-teams-rce

--
Posted on def2

zero-click, wormable, cross-platform remote code execution in Microsoft Teams
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: zero-click, wormable, cross-platform remote code execution in Microsoft
Teams
Date: Mon, 07 Dec 2020 12:11:16 -0800
Organization: def5
Message-ID: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="14288"; mail-complaints-to="usenet@def5.org"
Xref: rslight2 rocksolid.shared.security:175
 by: Anonymous - Mon, 7 Dec 2020 20:11 UTC

But don't worry, according to MS the class of this vuln is only "Important, Spoofing", which is about as low as it gets.
And Teams only has 115 Mio daily users, what's the worst that can happen ? lol

--
Posted on def2

None
  rocksolid.shared.security
Path: i2pn2.org!i2pn.org!rocksolid2!.POSTED.127.117.190.215!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Thu, 10 Dec 2020 22:08:18 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <opsec.750.3y7cuf@anon.com>
References: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def.i2p"; posting-host="127.117.190.215";
logging-data="26343"; mail-complaints-to="usenet@novabbs.org"
Xref: rslight2 rocksolid.shared.security:176
 by: Anonymous - Fri, 11 Dec 2020 06:08 UTC

>>a7fe3e336c45cf68a2
How do they do that ? Isn't most of the programs available for Linux as well by now ?
(me --> have to use MS at work each day)

--
Posted on def2

None
  rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Thu, 10 Dec 2020 18:33:49 -0800
Organization: def2
Message-ID: <opsec.749.1emjn6@anon.com>
References: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="26891"; mail-complaints-to="usenet@i2pn2.org"
Xref: rslight2 rocksolid.shared.security:178
 by: Anonymous - Fri, 11 Dec 2020 02:33 UTC

The university where I study forces us to use MS during lockdown :(

--
Posted on def2

Re: None
  rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: Anonymous@novabbs.i2p (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: None
Date: Sun, 13 Dec 2020 23:24:54 +0000
Organization: novaBBS
Message-ID: <16e1725aaacd85760f14ba1776a931b3$1@www.novabbs.com>
References: <opsec.747.3g5ous@anon.com> <opsec.749.1emjn6@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="27897"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Rslight-Site: $2y$10$8Mf5DSjP8whT64Opw5/ir.BsHomgTEoeu8YD3/74LyCenWygZmARC
Xref: rslight2 rocksolid.shared.security:179
 by: Anonymous - Sun, 13 Dec 2020 23:24 UTC

Anonymous wrote:

> The university where I study forces us to use MS during lockdown :(

You may have a case against them (torture)

--
Posted on novaBBS
www.novabbs.com

None
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.127.117.190.215!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Sun, 13 Dec 2020 15:51:19 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <opsec.753.qsri7@anon.com>
References: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def.i2p"; posting-host="127.117.190.215";
logging-data="20520"; mail-complaints-to="usenet@novabbs.org"
Xref: rslight2 rocksolid.shared.security:180
 by: Anonymous - Sun, 13 Dec 2020 23:51 UTC

>>d28ba24928343a6a76
I seriously contemplated this option against my employer, not for torture but for violation of privacy laws. In my jurisdiction this could maybe make a case, depending on what they do exactly. Microsoft sure gives a lot of options lately.

--
Posted on def2

None
  rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Sat, 26 Dec 2020 15:49:05 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <opsec.758.ocl1r@anon.com>
References: <opsec.747.3g5ous@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="30880"; mail-complaints-to="usenet@i2pn2.org"
Xref: rslight2 rocksolid.shared.security:184
 by: Anonymous - Sat, 26 Dec 2020 23:49 UTC

so does anyone have non redacted version of the RCE?

--
Posted on def2

Re: https://github.com/oskarsve/ms-teams-rce
  rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: https://github.com/oskarsve/ms-teams-rce
Date: Sat, 26 Dec 2020 17:59:42 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <opsec.759.1f3l62@anon.com>
References: <opsec.747.3g5ous@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=d2feaacbbb141806b5d4ea2687eccc18c68187db
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="15766"; mail-complaints-to="usenet@i2pn2.org"
Xref: rslight2 rocksolid.shared.security:185
 by: Anonymous - Sun, 27 Dec 2020 01:59 UTC
Attachments: ms_15.gif (image/gif)

>>ccef0a2a1e2069d3ed
I don't. If I had it I would probably not publish it for free, at least at first.
You have something to do between the years ? :-]
That should suffice to figure it out.

Attachments: ms_15.gif 
1
server_pubkey.txt

rocksolid light 0.9.1
clearnet tor