Our new @OutflankNL blog post on abusing the SYLK file format. This 1980s file type can host macros in modern versions of MS Office / Excel without hitting protected mode. Post includes recommendations for mitigation (note: active abuse in the wild). https://outflank.nl/blog/2019/10/30/abusing-the-sylk-file-format/
Two notes: 1) There's a typo in the video. It's "XLM" macros, not "XML". 2) The option to "Disable all macros without notification" seems to work OK with traditional macros. It's XLM macros that execute without prompting if this option is selected.
Also note that the alert() was just a simple PoC. This allows for arbitrary code execution. Cue the traditional "pop calc" video... pic.twitter.com/CzDqfLTDLH
When all you want to do is see what you can embed an XLM macro in... /me mumbles something about sniff tests pic.twitter.com/FfyJ0TUAy3