CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Microsoft: I have made Notepad✨

23 Posts 13 Posters 5 Views

J jpsays@mastodon.social

@0x00string @tess I have had personal experience with msrc liberally applying rce as well.
I get their argument. Because it can be triggered by a user clicking on a link to open remote content, they classify that as rce.
Pretty much any pattern where a user can be coerced remotely will likely get an rce tag is my guess.
But it does mean that other patterns of passive listening vulnerabilities can get watered down.
0 This user is from outside of this forum
0 This user is from outside of this forum
0x00string@infosec.exchange

wrote last edited by

#21

@jpsays @tess phone calls are rce
0 1 Reply Last reply

0
0 0x00string@infosec.exchange

@jpsays @tess phone calls are rce
0 This user is from outside of this forum
0 This user is from outside of this forum
0x00string@infosec.exchange

wrote last edited by

#22

@jpsays @tess sending a persuasive letter is rce
0 1 Reply Last reply

0
0 0x00string@infosec.exchange

@jpsays @tess sending a persuasive letter is rce
0 This user is from outside of this forum
0 This user is from outside of this forum
0x00string@infosec.exchange

wrote last edited by

#23

@tess @jpsays i dont get their argument, because its logically wrong
1 Reply Last reply

0

Log in to reply

1
2