Legacy Office Feature Used In Novel Document Attacks

October 13, 2017


Recent document-based attacks have leveraged malicious macros that if enabled install malware. But, researchers at SensePost have developed a proof-of-concept attack that does not require macros and instead uses an old Microsoft Office feature called Dynamic Data Exchange to execute code on targeted computers.

The feature allows you to pull data from one document and inject it into a second. For example, open a monthly sales report in Word and an embedded field can be dynamically updated with sales data from a separate Excel spreadsheet. What SensePost’s PoC shows is how Dynamic Data Exchange (DDE) can be abused to open a command prompt and run malicious code on a targeted computer.

Read More on Threat Post