Remote code execution On Microsoft edge using URL Protocol

Introduction

Hello everyone and welcome to my first bug ever in ‘RCE’ section and I hope this is a good beginning.

The topic of this blog post is: ‘RCE’ on Microsoft edge using URL protocol by some bugs and locations in registry that I found a few time ago, ( Using Jsffile and Wsffile). I’m glad guys but If ‘MSRC’ team patched It and I got bounty that would be a great thing for me but nothing of these options happened because there are some reason they did patch my bugs on the time.

The reasons are:
They determined the bugs I sent and knew a lot of information about them but they gave me just ‘appreciation and/or thanks’ although I saw some people submitted bugs the same I sent and they got their patches.

See below the message I got from ‘MSRC team’

The message I received was seen in

As you can see above the message was sent by ‘MSRC team’ and that contains some words mean:

They understood the bug but It haven’t got place in the list of acknowledgement that they created in their website for acknowledgements and the patches as well.
By the way, I wouldn’t say I need the money that they give everyday for researchers and I don’t think It’s the end in ‘Cyber security’.

As I understood when I saw the message. they patched the bug without update and so far both ‘JSFFILE’ and ‘WSFFILE’ have been removed from ‘Registry editor’ by ‘MSRC team’. let’s go to see the steps to do ‘RCE’.

First we can take a test if the proof of concept work or no, but I’m sure 100% It’s not going to work after It was removed.
I think my answer was 100% correct.

(JSFFILE and WSFFILE)

It hasn’t worked since they removed it from ‘Registry editor’.
but all of these reasons don’t mean: I hadn’t record any proof of concept before they pathed the bug.

You can enjoy watching the video I released before patches.

https://www.youtube.com/watch?v=zJPrAzUfWHc

Conclusion: Matt harr0ey
Author: Matt harr0ey