Hacker News .hn
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
plingbang
on May 20, 2024
|
parent
|
context
|
favorite
| on:
CVE-2024-4367 – Arbitrary JavaScript execution in ...
I remember MS Teams opening various files within itself instead of launching an appropriate program. I wonder what they're using for rendering PDFs.
gostsamo
on May 20, 2024
|
next
[–]
At least edge uses a module from word as far as I know and I'd expect the same for teams. They likely are not affected.
Gare
on May 20, 2024
|
prev
[–]
That's why I use MS Teams (on desktop) via browser only. Keeps it nicely sandboxed.
yencabulator
on May 20, 2024
|
parent
[–]
And if they had used PDF.js incorrectly in the browser, it would allow XSS attacks on the domain used for MS Teams.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
