Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution
Posted by deepcore on May 3, 2019 – 5:00 am
Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the “trusted” PS file currently loaded and being viewed by a user in the host application. This undermines the integrity of PowerShell ISE allowing potential unexpected remote code execution.
Post a reply
You must be logged in to post a comment.