top | item 45040390

(no title)

djent | 6 months ago

malware isn't remote. therefore it isn't remote code execution

discuss

If you can execute code on some machine without having access to that machine, then it's RCE. Whether you gain RCE through an exploit in a bad network protocol or through tricking the user into running your code (i.e. this attack) is merely a delivery mechanism. It's still RCE

djent|5 months ago

A user executing malware on their local machine is not remote.

cluckindan|6 months ago

Not exactly. A supply chain attack can be used to deliver RCE enabling payloads such as a reverse shell, but in itself, it is not considered RCE.

RCE implies ability to remotely execute arbitrary code on an affected system at will.