The deeplink handler for
/l/task/:appIdin Microsoft Teams can load an arbitrary URL in webview/iframe. An attacker can leverage this with teams RPC’s functionality to get code execution outside the sandbox. 2022 Microsoft Teams RCE
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer