Comment by shakna
16 hours ago
It doesn't only work with protocols registered by "your system" - Notepad doesn't register protocols. And Notepad is the user agent, here.
It works with your _locally_ registered protocols, not just the _remote_ protocols.
Which is why it works with JScript. And PowerShell. And Visual Basic.
This is a bug that replicates why IE 4 was called insecure. It's not something that should ever surface again, today.
It is... The exact example of what an RCE is. _Local_ code executed by a _remote_ command.
As far as I can tell there is no URI scheme registered on Windows for JScript, PowerShell, or VBScript. They have file associations but those are not URI schemes.
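
The distinction drawn in the last comment, URI schemes versus file associations, can be checked on a given Windows machine. The PowerShell below is an added example and not part of the thread; it relies on the Windows convention that a URI scheme is an `HKEY_CLASSES_ROOT` key carrying a `URL Protocol` value, and the script-host name pattern and the helper name `Get-OpenCommand` are assumptions chosen for illustration.

```powershell
# Added example: audit URI scheme handlers versus file associations.
# URI scheme       = HKCR\<name> key that has a "URL Protocol" value.
# File association = HKCR\.<ext> key whose default value names a ProgID.

function Get-OpenCommand {
    param([string]$ClassName)
    # Default value of <class>\shell\open\command, or nothing if the key is absent
    # (handlers that use DelegateExecute or the app model have no command line here).
    $path = "Registry::HKEY_CLASSES_ROOT\$ClassName\shell\open\command"
    if (Test-Path -LiteralPath $path) {
        (Get-Item -LiteralPath $path).GetValue('')
    }
}

# 1. Every registered URI scheme and the command that handles it.
$schemes = Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValueNames() -contains 'URL Protocol' } |
    ForEach-Object {
        [pscustomobject]@{
            Scheme  = $_.PSChildName
            Command = Get-OpenCommand $_.PSChildName
        }
    }

# 2. Schemes whose handler is a script host or shell (illustrative pattern, an assumption).
$scriptHosts = 'wscript|cscript|mshta|powershell|pwsh|cmd\.exe'
$risky = $schemes | Where-Object { $_.Command -match $scriptHosts }

# 3. The script file types named in the thread, resolved as file associations.
#    HKCR is the merged machine/user view; per-user UserChoice overrides are not shown.
$associations = foreach ($ext in '.js', '.vbs', '.ps1') {
    $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
    $progId = if (Test-Path -LiteralPath $extKey) { (Get-Item -LiteralPath $extKey).GetValue('') }
    [pscustomobject]@{
        Extension   = $ext
        ProgId      = $progId
        Command     = if ($progId) { Get-OpenCommand $progId }
        IsUriScheme = [bool]($schemes | Where-Object { $_.Scheme -eq $ext.TrimStart('.') })
    }
}

"Registered URI schemes: $(@($schemes).Count)"
"Schemes handled by a script host or shell:"
$risky | Format-Table -AutoSize -Wrap
"Script file associations:"
$associations | Format-Table -AutoSize -Wrap
```

An empty second table means no registered scheme hands its URL directly to a script host on that machine; the third table shows which program a script file would open with once a path to it reaches the shell.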