1-Click RCE on Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bi | PT SWARM

1-Click RCE on Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble via user supplied URLs by @positive_sec.

Contents:
• Introduction
• Root cause: user-supplied URLs opened by the OS
• Finding vulnerable features is straightforward
• Operating systems and desktop environments have different URL opening behaviors
• Windows 10 19042
• Xubuntu 20.04
• Other Linux Operating Systems + Snap
• Mac (Catalina 10.15.6)
• Vulnerabilities
• Nextcloud
• Telegram
• VLC
• Open-/LibreOffice
• Mumble
• Bitcoin/Dogecoin Wallets
• Wireshark
• Bonus-Vulnerability: WinSCP
• Systematic mitigation requires contributions from OS, Framework, and Application maintainers
• Conclusion

https://positive.security/blog/url-open-rce