It's fascinating to think what the thought process was that made this bug possible. Clearly time was spent designing a way of blocking VBScript in Internet Zone, but not enough time to realize there's multiple VBScript CLSIDs. Also seems the Office team did it right ¯\_(ツ)_/¯https://twitter.com/ProjectZeroBugs/status/1107998661370245120 …
Replying to @tiraniddo
Fact: You used to be able to bypass the ActiveX kill bit if you used a CLSID that had curly braces {} around it. That one I found by accident.https://www.kb.cert.org/vuls/id/998297/
0 replies
0 retweets
7 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.