Lol, another SLK/XML macro warning bypass. Recommendation: do NOT “Disable all macros without notification” on excel4mac, this setting enabled direct execution of any Xlm macro. Nice find @wdormann https://kb.cert.org/vuls/id/125336/
Replying to @ptrpieter @wdormann
Pieter, your research on this was from 2018, correct? Curious delay.
Replying to @JohnEDunn @ptrpieter
Yes, @ptrpieter and @OutflankNL did the heavy lifting in 2018. What I discovered last week was that the security setting that should *protect* you (Disable all macros without notification) does the exact *opposite* by RUNNING macros without notification. https://twitter.com/wdormann/status/1189934161357889544 …
Will Dormann added:
Will Dormann @wdormann, replying to @StanHacked @OutflankNL: Note that if you have configured Macros to be disabled without prompting in Mac Office, there's a bug that causes Macros to be *ENABLED WITHOUT PROMPTING*. I've confirmed this with fully-patched Office 2016 and 2019 on the Mac. Oh the irony to put security-conscious folks at risk. pic.twitter.com/AipCy8kiyn
And perhaps obviously, the alert() was just a warm-up. This technique allows for RCE. https://twitter.com/wdormann/status/1190261520078450688 …