Char49 helps Microsoft fix a Reflected File Download

Our security researchers found a Reflected File Download on outlook.office365.com domain which would allow malicious users to trick innocent victims to download files that would seem to be hosted on Microsoft domain.

This vulnerability first presented by Oren Hafif in Blackhat Europe 2015 is not very well known but if implemented correctly could be very dangerous.

This type of vulnerability has been detected in other big companies like Google, Facebook, Yahoo! and Adobe.

This effort by Char49 was rewarded by Microsoft with a money prize and public acknowledgement.

Share this Post