CSV injection, quite interesting and more impactful than I had imagined http://georgemauer.net/2017/10/07/csv-injection.html …
... or DDE as well, apparently. It's the end user's decision as to whether or not to run malware by way of MS Office https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ …pic.twitter.com/0I6DBm3MUs
-
-
Excel still fails in separating Code from Data. That is the overall problem with touring complete Languages within Data Formats.
#LangSecThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.