Remote code execution On Microsoft edge using URL Protocol

Image for post
Image for post


Hello everyone and welcome to my first bug ever in ‘RCE’ section and I hope this is a good beginning.

The topic of this blog post is: ‘RCE’ on Microsoft edge using URL protocol by some bugs and locations in registry that I found a few time ago, ( Using Jsffile and Wsffile). I’m glad guys but If ‘MSRC’ team patched It and I got bounty that would be a great thing for me but nothing of these options happened because there are some reason they did patch my bugs on the time.

The reasons are:
They determined the bugs I sent and knew a lot of information about them but they gave me just ‘appreciation and/or thanks’ although I saw some people submitted bugs the same I sent and they got their patches.

See below the message I got from ‘MSRC team’

The message I received was seen in

Image for post
Image for post

As you can see above the message was sent by ‘MSRC team’ and that contains some words mean:

They understood the bug but It haven’t got place in the list of acknowledgement that they created in their website for acknowledgements and the patches as well.
By the way, I wouldn’t say I need the money that they give everyday for researchers and I don’t think It’s the end in ‘Cyber security’.

As I understood when I saw the message. they patched the bug without update and so far both ‘JSFFILE’ and ‘WSFFILE’ have been removed from ‘Registry editor’ by ‘MSRC team’. let’s go to see the steps to do ‘RCE’.

First we can take a test if the proof of concept work or no, but I’m sure 100% It’s not going to work after It was removed.
I think my answer was 100% correct.


Image for post
Image for post
Image for post
Image for post

It hasn’t worked since they removed it from ‘Registry editor’.
but all of these reasons don’t mean: I hadn’t record any proof of concept before they pathed the bug.

Image for post
Image for post

You can enjoy watching the video I released before patches.

Conclusion: Matt harr0ey
Author: Matt harr0ey

Written by

Student Faithful Researcher || & Camp of storming || Optimize security | Enjoy abuse

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store