alt Hacker NewsWhat does “unverified protocols” mean? Does Windows have an exe:// url scheme that fetches and runs executable binaries or something?
What does “unverified protocols” mean? Does Windows have an exe:// url scheme that fetches and runs executable binaries or something?
Yes? ShellExecute opens a url if you pass in a url, opens a file if you pass in a path, and runs an .exe if that file is an .exe. Windows also supports SMB paths, so combine that together and you have a RCE