Full title: Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities 
Category: local exploits
Platform: windows
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.

# 0day.today @ http://0day.today/