Experts from Check Point discovered four security vulnerabilities in the Microsoft Office suite that an attacker could exploit to craft weaponized Word and Excel documents.
Below is the list of flaws discovered by the experts:
The CVE-2021-31174, CVE-2021-31178 and CVE-2021-31179 vulnerabilities have been addressed by Microsoft as part of its Patch Tuesday update for May 2021, while the CVE-2021-31939 flaw is expected to be fixed in June.
The experts used fuzzing techniques to test the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE), which has been included in the suite since Office 2003 or earlier.
MSGraph can be embedded in many products of the Microsoft Office suite, including Word, Outlook and PowerPoint, to display graphs and charts. Experts pointed out that flaws in the
“In terms of attack surface, MSGraph is quite similar to Microsoft Equation Editor 3.0. However, unlike Microsoft Equation Editor, MSGraph is still updated in every Office patch and receives the latest mitigations (such as ASLR and DEP), which makes successful exploitation harder.” reads the post published by Check Point. “We later found that this attack surface also applies to other Microsoft Office products, including Excel and Office Online, that share the same code.”
Experts also discovered that the vulnerable function is commonly used across multiple different MS Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE) and Excel for OSX. The researchers were able to successfully reproduce some of the flaws in these products.
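For defenders triaging attachments or file shares, the following added example (not code from Check Point's post or from this article) flags Office files that reference the MSGraph.Chart.8 ProgID named above. The size cap, nesting limit and sample file are assumptions constructed for illustration, and the raw byte scan is a triage heuristic rather than a full OLE parser.

```python
import io
import zipfile

PROGID = "MSGraph.Chart.8"          # ProgID named in the article
MAX_PART = 64 * 1024 * 1024         # assumed cap per ZIP member (decompression-bomb guard)
MAX_DEPTH = 3                       # assumed nesting limit for containers inside containers

def _has_progid(blob: bytes) -> bool:
    # bytes.lower() folds only ASCII letters, so one pass serves both encodings
    low = blob.lower()
    needle = PROGID.lower()
    return needle.encode("ascii") in low or needle.encode("utf-16-le") in low

def find_msgraph(data: bytes, name: str, depth: int = 0) -> list:
    """Return the parts of an Office file in which the MSGraph ProgID appears."""
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        try:
            hits = []
            with zipfile.ZipFile(io.BytesIO(data)) as zf:   # OOXML: .docx/.xlsx/.pptx
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_PART:
                        continue
                    hits += find_msgraph(zf.read(info), f"{name}!{info.filename}", depth + 1)
            return hits
        except zipfile.BadZipFile:
            pass                                            # fall back to a raw scan
    # Legacy OLE2 files (.doc/.xls/.ppt) and embedded .bin parts: raw byte scan
    return [name] if _has_progid(data) else []

def build_sample() -> bytes:
    """Constructed test input: a minimal ZIP shaped like a .docx, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml",
                    '<o:OLEObject Type="Embed" ProgID="MSGraph.Chart.8" r:id="rId5"/>')
        zf.writestr("word/embeddings/oleObject1.bin",
                    b"\x01CompObj\x00" + "MSGraph.Chart.8".encode("utf-16-le"))
        zf.writestr("word/styles.xml", "<w:styles/>")
    return buf.getvalue()

if __name__ == "__main__":
    for hit in find_msgraph(build_sample(), "sample.docx"):
        print("embedded MSGraph object referenced in:", hit)
```

A hit only means the document embeds or references an MSGraph object, which is also true of legitimate charts; treat it as a signal to prioritise patch verification and closer inspection of that file.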
“Even though we researched a single component of Microsoft Office, we managed to find several vulnerabilities that affect multiple products in this ecosystem. The results of this research were a set of files that could be embedded in different ways to potentially exploit different Office products across multiple platforms.” concludes the report. “As a bonus, we also had the opportunity to experiment with multiple different fuzzing solutions. We hope you find our notes useful.”
Below is the disclosure timeline for these vulnerabilities:
(SecurityAffairs – hacking, MS Office)