## https://sploitus.com/exploit?id=7DF51817-0A8C-56DC-BC41-16A4B1DEE7CB
# Microsoft Amplifier RCE PoC
Proof of concept demonstrating remote code execution vulnerability in Microsoft Amplifier CLI via malicious project configuration.
## Vulnerability Summary
Microsoft Amplifier automatically loads `.amplifier/settings.yaml` from the current working directory. This configuration can specify custom module sources pointing to local directories. When these modules are imported, Python executes code at module scope before any validation occurs.
## Steps to Reproduce
1. Clone this repository
2. Navigate to the directory:
```bash
cd MicrosoftAmplifierPoC
```
3. Run Amplifier with any API key:
```bash
ANTHROPIC_API_KEY="sk-ant-dummy" amplifier run "hello"
```
4. Calculator opens on macOS, proving arbitrary code execution
## Impact
- Supply chain attacks via malicious repositories
- Code execution before any API validation
- Full user privilege compromise
## Root Cause
- `paths.py` (lines 96-100): Auto-loads project settings without consent
- `loader.py` (line 356): `importlib.import_module()` executes code on import
- Module validation occurs AFTER import (too late)
## Affected
Microsoft Amplifier CLI - https://github.com/microsoft/amplifier
## Disclosure
Reported to Microsoft Security Response Center (MSRC) via VDP.