I didn't see anything in that post to give me the feeling that code is being exe... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		EvanAnderson on July 2, 2015 \| parent \| context \| favorite \| on: Microsoft Office – OLE Packager allows code execut... I didn't see anything in that post to give me the feeling that code is being executed automatically. While I would concede that requiring the user to click on something inside the "payload" document isn't a high bar to achieve it is different than automatic code execution upon opening the document.

gossitd on July 3, 2015 [–]

It needs user interaction. POC Samples here: http://owned.lab6.com/~gossi/research/public/packager/ (made by me, safe to try).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact