louiselalanne/CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows Electron code injection.

CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows Electron code injection.

PoC

signature and version:

tool used to explore the vulnerability: https://github.com/r3ggi/electroniz3r

verify if is vulnerable:

inject a Blind Shell:

References

https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib https://www.notion.so/web-clipper