Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Ben Hawkes Profile picture
Ben Hawkes
@benhawkes
Isosceles (https://t.co/GMVcBoGsqR), prev: Google, Project Zero
May 19, 2020 22 tweets 4 min read
This is a list of the most commonly exploited vulnerabilities between 2016 and 2019, from CISA and FBI. Unfortunately they didn't share their methodology, but let's take a closer look at the CVEs, because I think the list shows an interesting trend. 1) CVE-2017-11882 - A stack overflow in Equation Editor (EQNEDT32.EXE) that was accessible via Microsoft Office documents. Crucially, neither DEP or ASLR was enabled on this binary, meaning that the issue was trivially exploitable.