I published the following diary on isc.sans.edu: “More Excel DDE Code Injection“:
The “DDE code injection” technique is not brand new. DDE stands for “Dynamic Data Exchange”. It has already been discussed by many security researchers. Just a quick reminder for those who missed it. In Excel, it is possible to trigger the execution of an external command by using the following syntax… [Read more]
[The post [SANS ISC] More Excel DDE Code Injection has been first published on /dev/random]
Article Link: https://blog.rootshell.be/2018/09/28/sans-isc-more-excel-dde-code-injection/