by @j00sean
01 Mar 2023

CVE-2022-44666: Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability

by @j00sean
01 Mar 2023

CVE-2022-44666: Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability

CVEs

7.8 High Severity

OS

Windows 8.1
Windows 8.1Microsoft
6.3.9600.20520.*
6.3.9600.20520.*
RT.*
*.*
*.*
*.*
*.*
-.*
-.*
-.*
Windows 10
Windows 10Microsoft
21H22.*
23H2.*
22H2.*
22H2.*
22H2.*
22H2.*
22H2.*
22H2.*
22H2.*
22H2.*
WR8
6.3.9600.20520.*
*.*
*.*
*.*
-.*
-.*
-.*
6.2.9200.24116.*
R2.*
R2.*
R2.SP1
R2.*
R2.*
R2.*
R2.*
R2.SP1
R2.*
10.0.14393.6614.*
10.0.14393.5717.*
20H2.*
1909.*
1903.*
*.*
2019.*
1803.*
1709.*
1607.*
10.0.17763.5329.*
10.0.17763.4010.*
18411.*
18409.*
18409.*
18409.2019
1909.*
1903.*
*.*
1809.2019

Screenshots from the blog posts

blog-posts/images/cleqaxy4h0z070kqw3r7w3mx3.jpgblog-posts/images/cleqaxy4h0z070kqw3r7w3mx3.jpg

Summary

My thoughts and more on this bug!

Description

users/photos/clemvjnl46kz30juk5c0ta59k.jpg

@j00sean

3 posts

Finding bugs everywhere

Total vcoins

3.2K

Comments (0)