Microsoft Teams is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.
Information
Exploit
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
References:
- Application DLL Load Hijacking (HD Moore)
- Exploiting DLL Hijacking Flaws (hdm)
- Microsoft Homepage (Microsoft)
- Triaging a DLL planting vulnerability (Microsoft)
- JVN#79543573 The installer of Microsoft Teams may insecurely load Dynamic Link L (CERT)