Three New DDE Obfuscation Methods (reversinglabs.com)
21 points by danso on Oct 1, 2018 | hide | past | favorite | 3 comments



It sounds like spreadsheets are complex enough that sandboxing them by static analysis is a losing battle.


Wow, works in Excel 2016, but I assume our GP/Microsoft's common sense flags a warning: "Remote data not accessible: To access this data Excel needs to start another application. Some legitimate applications on your computer could be used maliciously to spread viruses or damage your computer. Only click Yes if you trust the source of this workbook and you want to let the workbook start the application. Start application 'mspaint.exe'?"

At this point I am sure 50% of normal end users would have stopped reading and just clicked Yes anyway. I also assume the command executed could have been a registry hack to disable this warning, allowing several more commands to be run without popping this warning. Crazy stuff, but fun morning exercise.


So if I’m getting this right, it’s possible to inject filler null characters into the command to execute. This doesn’t seem really obfuscated, from the hex dump–just ignore the null bytes?
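A defender-side normalizer for the null-byte filler discussed in this thread, added here as an example; it is not code from the thread or from the ReversingLabs write-up, and the function names, regex shapes and sample cell formulas are constructed assumptions.

```python
import re

# Filler the thread describes: NUL bytes scattered through the formula text.
FILLER = re.compile(r"\x00")

# Two DDE launch shapes seen in Excel cell formulas (constructed patterns):
#   =app|topic!item           e.g. =mspaint.exe|'dummy'!A0
#   =DDE(app, topic, item) or =DDEAUTO(...)
DDE_PIPE = re.compile(r"^=\s*[^|()\s]+\s*\|.*!", re.IGNORECASE | re.DOTALL)
DDE_FUNC = re.compile(r"=\s*DDE(?:AUTO)?\s*\(", re.IGNORECASE)


def normalize_formula(formula: str) -> str:
    """Strip NUL filler so the formula can be matched as it would execute."""
    return FILLER.sub("", formula)


def is_dde_formula(formula: str) -> bool:
    """True if the normalized formula matches either DDE launch shape."""
    norm = normalize_formula(formula)
    return bool(DDE_PIPE.search(norm) or DDE_FUNC.search(norm))


def scan_cells(cells: dict) -> list:
    """Return (cell_ref, normalized_formula) for every DDE-looking cell."""
    hits = []
    for ref, formula in cells.items():
        if is_dde_formula(formula):
            hits.append((ref, normalize_formula(formula)))
    return hits


# Constructed sample cells: a benign formula, a plain DDE launch of the
# harmless mspaint.exe the thread mentions, and the same launch padded
# with NUL filler as an obfuscated variant.
SAMPLE_CELLS = {
    "A1": "=SUM(B1:B9)",
    "A2": "=mspaint.exe|'dummy'!A0",
    "A3": "=m\x00sp\x00aint.\x00exe|'du\x00mmy'!A0",
}


def find_dde_cells() -> list:
    """Run the scan over the constructed sample workbook."""
    return scan_cells(SAMPLE_CELLS)


if __name__ == "__main__":
    for ref, norm in find_dde_cells():
        print(f"{ref}: {norm}")
```

A real scanner would feed this the formula strings pulled from the workbook's cell records rather than a hand-built dict.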



