Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft 365 Copilot for Android | 1.0, 1.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | microsoft 365 copilot for ios | mitre_affected | 90% |
Updated description with exploitation details, confirmed CVSS score, added IOC for malicious website, and included new tag for remote code execution.
Added a detailed description of the vulnerability and updated exploit availability to true.
Initial creation