NordVPN Desktop - OS Command Injection
Vulnerability type: OS Command Injection (Patched)
Affected: Desktop applications
The NordVPN Windows client application registered two custom protocols, NordVPN: and NordVPN.Notification:, for process communication. This makes us able to communicate with NordVPN.exe from a web browser.
After looking at the executable binary, I noticed that the class NordVpn.Views.ToastNotifications.ListenNotificationOpenUrl eventually calls the function Process.Start with a controllable argument, and this notification can be triggered through the custom protocol NordVPN.Notification:.
So it's possible to execute arbitrary system commands from a web browser.
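How a protocol handler can constrain a value before it reaches Process.Start, as an added example that is not NordVPN's code and not part of the original report. The class name, method names and allowlisted hosts are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;

// Added example with hypothetical names; not code from the NordVPN client.
public static class NotificationUrlOpener
{
    // Assumption: the only hosts a notification is ever expected to open.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "example.com", "support.example.com" };

    // Returns the canonical URL if the value is safe to open, otherwise null.
    public static string Validate(string value)
    {
        if (string.IsNullOrWhiteSpace(value)) return null;
        if (!Uri.TryCreate(value, UriKind.Absolute, out Uri uri)) return null;
        // Only https: this rejects file:, local paths and other registered schemes.
        if (uri.Scheme != Uri.UriSchemeHttps) return null;
        // No embedded credentials, which can disguise the real host.
        if (uri.UserInfo.Length != 0) return null;
        // Exact host match, so "example.com.other.test" does not pass.
        if (!AllowedHosts.Contains(uri.Host)) return null;
        return uri.AbsoluteUri;
    }

    public static bool TryOpen(string value)
    {
        string safe = Validate(value);
        if (safe == null) return false;
        // Launch the re-serialized URI, never the string received from the protocol.
        Process.Start(new ProcessStartInfo { FileName = safe, UseShellExecute = true });
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs; only the first one is accepted.
        string[] samples =
        {
            "https://example.com/help",
            "http://example.com/help",
            "file:///C:/tmp/sample.txt",
            "C:\\tmp\\tool.exe",
            "https://example.com.other.test/",
        };
        foreach (string s in samples)
            Console.WriteLine($"{s} -> {Validate(s) ?? "rejected"}");
    }
}
```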