CVEs-PoC/2020/CVE-2020-24772.md

### [CVE-2020-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24772)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).

### POC

#### Reference
- https://github.com/Dreamacro/clash/issues/910

#### Github
No PoCs found on GitHub currently.