#OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI
Kevin Beaumont

I can reproduce what is described in Outlook 2010.

The vulnerability is that an attacker can avoid Outlook security mechanisms and send an executable file that seems an Office document (because you can change the icon). In order to execute the executable the user have to open 1) the mail, 2) the attached email (msg) and 3) double click the executable icon, right?

The usual way of sending executable code to users is to send an Office document with a dropper macro that downloads the executable from Internet…this malicious Office document can be sent directly to the user and do not need to be embedded in another email…so it is more probably to open it.

I suppose the vulnerability you describe is another attack vector just in case the victim has some protection against malicious macros or something…

Have I understood it correctly?

Like what you read? Give Eloy Roldán Paredes a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.