
.NET Partial-Trust Bypass

Posted by deepcore on October 14, 2015 – 10:26 am

A command-line injection vulnerability exists in the ShowHelp function of the core .NET class System.Windows.Forms.Help. It allows an attacker without the “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the user's default browser. An attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox that includes the “WebPermission” permission for any URL can inject arbitrary parameters, after the first parameter, into the command line of the user's default browser.

