Microsoft Office 2007 Groove Security Bypass / Code Execution
Posted by deepcore on October 2, 2017 – 12:13 pm
Microsoft Office 2007 Groove contains a security bypass issue regarding ‘Workspace Shortcut’ files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only ‘grooveTelespace://’ URLs should be allowed, which allows execution of arbitrary code upon opening a ‘GLK’ file.
Post a reply
You must be logged in to post a comment.