TRAPMINE | Prevent Threats. Detect Unknown. Respond to Attacks.

MS Office DDE Command Execution Attacks

Researchers of SensePost published an interesting and slick way to execute code on a target computer using Microsoft Office – but without the macros or memory corruptions. This technique has recently been publicized following a Microsoft decision that this functionality is a feature by design and will not be removed. The technique relies on dynamic data exchange, or DDE , an older technology once used for coding and automation within Microsoft Office applications.

It works even with macros disabled because it’s not using the macros. There is not any  “security” warning for the user. There is only a prompt asking if the user wants to start the application specified in the command which looks very innocent popup.

Although the attack technique has been published 2 days ago, we are now seeing it actively being used by attackers in the wild.

TRAPMINE is able to prevent the execution of payload without needing any prior knowledge;


More Posts

TRAPMINE Releases Open Source Linux Code

We’re proud to announce that Trapmine’s eBPF-based sensor for monitoring security relevant events on Linux system is now available as open source under the GPLv2 license at The sensor collects information from various sources

Read More »