Disable DDEAUTO for Microsoft Word, Excel, Outlook, versions 2010, 2013, 2016 Appears to block known DDE attacks.https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b …
Yes, I tested each. Documentation is sparse. I wanted to include Office 2007, but there isn't a discrete reg value for the pref change.
-
-
Thanks I tested Word and Outlook but not Excel. How did you make a Excel PoC doc?
-
See: http://georgemauer.net/2017/10/07/csv-injection.html … The underlying mechanism is the same (DDE)
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.