Char49 helps Microsoft fix a Reflected File Download

Author: char49labs

Our security researchers found a Reflected File Download vulnerability
on the outlook.office365.com domain, which would allow malicious users
to trick victims into downloading files that appear to be hosted on a
Microsoft domain.

This class of vulnerability, first presented by Oren Hafif at Black Hat
Europe 2015, is not very well known, but an attack that implements it
correctly could be very dangerous.

This type of vulnerability has also been found at other large companies
such as Google, Facebook, Yahoo! and Adobe.

Microsoft rewarded this effort by Char49 with a monetary prize and
public acknowledgement.
