One of the most interesting vulnerabilities that could potentially allow Remote Code Execution (RCE). Check out this article from our researcher Miguel Regala on Cobalt Blog.
Our lab found a interesting XSS on a .swf file that we later discover was mainly used on phishing websites. Source code of typewrite_header.swf: //———————————————————————- //Frame 3 //———————————————————————- gotoAndPlay (2); //———————————————————————- //Frame 1 //———————————————————————- var q = 1; var myurl = “http://xxxxxxxxxxxxxxxxxxxxxxxxx/”; var mytext1 = _root.thetitle; var mytext2 = _root.thestrap; _global.mytext = ((“” + mytext1) … Continue reading Flash XSS on typewrite_header.swf
Our security researchers found a Reflected File Download on outlook.office365.com domain which would allow malicious users to trick innocent victims to download files that would seem to be hosted on Microsoft domain. This vulnerability first presented by Oren Hafif in Blackhat Europe 2015 is not very well known but if implemented correctly could be very dangerous. … Continue reading Char49 helps Microsoft fix a Reflected File Download