Open rcmaehl opened 3 weeks ago
Hm interesting
Unfortunately looks like I wouldn't qualify because I basically already broadcasted it publicly lol. From their terms and conditions:
> While we are doing that we require that Bounty Submissions remain confidential and cannot be disclosed to third parties or as part of paper reviews or conference submissions. You can make available high-level descriptions of your research and non-reversible demonstrations after the Vulnerability is fixed. We require that detailed proof-of-concept exploit code and details that would make attacks easier on customers be withheld for 30 days after the Vulnerability is fixed.
Hey you can still try
I saw abusing the clipboard to full in the video was done with a non-privileged user account and DoS'd various applications (and Windows itself). Assuming the full clipboard also blocks running Task Manager as admin, LogonUI aka Ctrl Alt Del (runs as SYSTEM), or other privileged apps, it could potentially be worth up to $200,000.
If so, you can submit it at https://msrc.microsoft.com/report/vulnerability/new?c=bounty
And here's the bug bounty overview: https://www.microsoft.com/en-us/msrc/bounty