by @j00sean
11 Jul 2023

Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)

by @j00sean
11 Jul 2023

Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)

Screenshots from the blog posts

images/clk1ce3oc0d6v0ul9fehvgiix.gifimages/clk1ce3oc0d6v0ul9fehvgiix.gif

Summary

Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released on December, 2022.

Description

users/photos/clemvjnl46kz30juk5c0ta59k.jpg

@j00sean

3 posts

Finding bugs everywhere

Total vcoins

3.2K

Comments (1)