Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. How could an attacker exploit this vulnerability? An attacker could host a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot on a user’s device when the user visits the site. Because the affected component processes these requests without confirmation or origin checks, the prompts may be executed without the user’s awareness, potentially resulting in unintended actions within Copilot such as accessing or modifying data.
Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>