• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • June
  • 30
  • Excel Power Query vulnerability puts 120 million users Vulnerable to Remote DDE Attacks

Excel Power Query vulnerability puts 120 million users Vulnerable to Remote DDE Attacks

June 30, 2019 Comments Off on Excel Power Query vulnerability puts 120 million users Vulnerable to Remote DDE Attacks
excel power query exploit excel vulnerability power query exploit

Recently, security researchers at the Mimecast Threat Center discovered a new vulnerability in the Microsoft Excel spreadsheet application, which has caused 120 million users to be vulnerable to cyber attacks.

The researcher points out that this vulnerability allows an attacker can use Excel’s Power Query tool to enable remote dynamic data exchange (DDE) on a spreadsheet and control the payload. In addition, Power Query can be used to embed malicious code into a data source and propagate it.

What is Power Query?

Power Query is a powerful and scalable Business Intelligence (BI) tool that lets users integrate their spreadsheets with other data sources, such as an external database, text document, another spreadsheet, or a web page, to name a few. When sources are linked, the data can be loaded and saved into the spreadsheet, or loaded dynamically (when the document is opened, for example).

According to Mimecast, Power Query provides sophisticated and powerful features that can be used to perform types of attacks that are often difficult to detect.

“Using Power Query, attackers could embed malicious content in a separate data source, and then load the content into the spreadsheet when it is opened. The malicious code could be used to drop and execute malware that can compromise the user’s machine.”

For this discovery, Ofir Shlomo wrote in a blog post:

“The feature gives such rich controls that it can be used to fingerprint a sandbox or a victim’s machine even before delivering any payloads. The attacker has potential pre-payload and pre-exploitation controls and could deliver a malicious payload to the victim while also making the file appear harmless to a sandbox or other security solutions.”

As part of the Coordination of Vulnerability Disclosure (CVD), Mimecast worked with Microsoft about this vulnerability. Unfortunately, Microsoft did not release a bug fix for Power Query but instead provided a solution to alleviate this problem.

Also read: Microsoft Research Detours Package

Source: Mimecast

Post navigation

Patator – Multi-Purpose Brute-Forcer with a Modular Design and a Flexible Usage
Project iKy – Email Information Gathering Tool with a Visual Interface

Related Articles

Paris: Versus Market Exploit “is Real”

Paris: Versus Market Exploit “is Real”

- Dark Web News
May 19, 2022
Australian Police Arrest Two Alleged Darkweb Vendors

Australian Police Arrest Two Alleged Darkweb Vendors

- Dark Web News
May 18, 2022
DOJ is Investigating Someone for Evading Sanctions with Crypto

DOJ is Investigating Someone for Evading Sanctions with Crypto

- Dark Web News
May 18, 2022
hacker gadgets
hacker phone covers

Recent Posts

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerProxy – PowerShell SOCKS Proxy With Reverse Proxy Capabilities

May 19, 2022
Researchers created a PoC exploit for Safari CVE-2022-26717 bug

Researchers created a PoC exploit for Safari CVE-2022-26717 bug

May 19, 2022
logdata-anomaly-miner v2.5.1 releases: parses log data and allows to define analysis pipelines for anomaly detection

logdata-anomaly-miner v2.5.1 releases: parses log data and allows to define analysis pipelines for anomaly detection

May 19, 2022
Paris: Versus Market Exploit “is Real”

Paris: Versus Market Exploit “is Real”

May 19, 2022
Cyph - Cryptographically Secure Messaging And Social Networking Service

Cyph – Cryptographically Secure Messaging And Social Networking Service

May 19, 2022
Australian Police Arrest Two Alleged Darkweb Vendors

Australian Police Arrest Two Alleged Darkweb Vendors

May 18, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW