Everybody needs to read @HaifeiLi's presentation on OLE:
https://www.blackhat.com/docs/us-15/materials/us-15-Li-Attacking-Interoperability-An-OLE-Edition.pdf …
The attack surface of MS Office is a factor of EVERY (COM-installing) application installed on your PC! It's like the early days of IE6 ActiveX all over again...
-
-
Except everybody who worked with OLE back in the day and don't even raise an eyebrow about the inherent lack of security when it comes to embedding.
1 reply 0 retweets 1 like
Replying to @pro_integritate @HaifeiLi
Indeed.pic.twitter.com/rYBB1zHEQ2
4:50 AM - 14 Dec 2017
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.