The vulnerability, now identified as CVE-2022-41034, was found by Thomas Shadwell (Zemnmez) of Google, who has published the details of the vulnerability, stating that an attacker can take over the computer of a Visual Studio Code user and any computers they were connected to via the Visual Studio Code Remote Development feature.
"This issue affected at least GitHub Codespaces, github.dev, the web-based Visual Studio Code for Web, and to a lesser extent Visual Studio Code desktop," says Zemnmez.
Explaining the vulnerability, Zemnmez says:
Visual Studio Code places various levels of security restriction on content opened in the editor to prevent a malicious attacker from creating a view window that is able to execute a ‘command:’ link.
The primary method by which the editor performs these restrictions is the internal trust model, which retains an ‘isTrusted’ annotation when views are opened. Documents that are opened with ‘isTrusted’ set to true are able to execute ‘command:’ URIs, as well as directly create unsafe HTML in Jupyter Notebook mode.
So to facilitate opening the same file in a new editor window, an ‘openFile’ parameter is provided for the editor internals to construct. openFile is a ‘payload’ parameter, where ‘payload’ is a series of flags given to the editor via URL query parameters when it starts. Files opened this way are opened in the trusted mode because the editor assumes that it was triggered by a user gesture in the editor.
Exploiting the bug to achieve RCE
As ‘command:’ is not a standard browser feature, users (or attackers) cannot run JavaScript code directly from <script> tags in HTML code that is injected after the page has fully loaded.
To work around this, Zemnmez creates an image and an <a> tag with a blank target. The researcher configured the <a> tag in such a manner that upon immediate failure his JavaScript code gets initiated.
This allows him to run arbitrary commands via the ‘command:’ URI feature and so take over the victim’s computer: the arguments are specified in the query component of the URI and passed to the command ‘workbench.action.terminal.new’, an undocumented identifier.
The affected version of VS Code
This remote code execution vulnerability affects VS Code 1.71 and earlier versions when they open malicious notebooks. Such notebooks could use command URIs to execute arbitrary commands, including potentially dangerous ones.
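
A defender-side check for the notebook vector described above, as an added example that is not code from the advisory or from VS Code: it scans the rendered parts of a notebook (markdown cells and HTML, markdown or SVG outputs) for ‘command:’ URIs, including entity-encoded and percent-encoded forms. The sample notebook and the identifier `example.hypothetical.id` are constructed for illustration.

```python
import html
import json
import re
from urllib.parse import unquote

# A command: URI is "command:" + a command id, optionally followed by "?<args>".
COMMAND_URI = re.compile(r"(?<![\w])command:([\w.\-]+)(\?)?", re.IGNORECASE)
RENDERED_MIMES = {"text/html", "text/markdown", "image/svg+xml"}

def _text(value):
    """nbformat stores text as either one string or a list of lines."""
    return "".join(value) if isinstance(value, list) else str(value or "")

def _rendered_parts(cell):
    """Yield (location, text) for the parts of a cell an editor renders as markup."""
    if cell.get("cell_type") == "markdown":
        yield "source", _text(cell.get("source"))
    for n, out in enumerate(cell.get("outputs", [])):
        for mime, body in out.get("data", {}).items():
            if mime in RENDERED_MIMES:
                yield f"outputs[{n}] {mime}", _text(body)

def find_command_uris(notebook_json):
    """Return one finding per command: URI found in rendered notebook content."""
    findings = []
    for i, cell in enumerate(json.loads(notebook_json).get("cells", [])):
        for where, text in _rendered_parts(cell):
            # Undo HTML entities and percent-encoding so "command&#58;" and
            # "command%3A" are caught as well.
            decoded = unquote(html.unescape(text))
            for m in COMMAND_URI.finditer(decoded):
                findings.append({"cell": i, "where": where,
                                 "command": m.group(1), "has_args": bool(m.group(2))})
    return findings

# Constructed sample notebook (not taken from the advisory).
SAMPLE = json.dumps({"nbformat": 4, "nbformat_minor": 5, "metadata": {}, "cells": [
    {"cell_type": "markdown", "source": ["See the [docs](https://example.com).\n"]},
    {"cell_type": "markdown", "source": [
        '<a href="command:workbench.action.terminal.new?%7B%7D">open</a>']},
    {"cell_type": "code", "source": ['print("subcommand: ok")'], "outputs": [
        {"output_type": "display_data", "data": {
            "text/html": '<a href="command%3Aexample.hypothetical.id">x</a>'}}]},
]})

if __name__ == "__main__":
    for finding in find_command_uris(SAMPLE):
        print(finding)
```

Code cell source is deliberately not scanned, since it is not rendered as markup; a finding is a prompt to review the notebook before opening it in an editor, not proof of malice.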