Microsoft Office flaw

Researchers from Check Point revealed security vulnerabilities in the Microsoft Office suite that cloud allows attackers to craft weaponized Word and Excel documents.

Analysis of Vulnerabilities in Microsoft Office Component

For the analysis, the experts used fuzzing techniques to test the MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE), a component that was included in the suite since Office 2003 or earlier.

MSGraph is a component that can be embedded inside many Microsoft Office products such as Word, Outlook, PowerPoint, etc., and is used to display graphs and charts. In terms of the attack surface, MSGraph is quite similar to Microsoft Equation Editor 3.0.

Checkpoint experts mention that “MSGraph is quite similar to Microsoft Equation Editor 3.0. However, unlike Microsoft Equation Editor, MSGraph is still updated in every Office patch and receives the latest mitigations (such as ASLR and DEP), which makes successful exploitation harder. We later found that this attack surface also applies to other Microsoft Office products, including Excel and Office Online, that share the same code.”

Therefore experts pointed out the vulnerable function inside MSGraph that is commonly used across multiple different MS Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE), and Excel for OSX.

“We found through code similarity checks that the vulnerable function is commonly used across multiple different Microsoft Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE), and Excel for OSX. We successfully reproduced some of the bugs in these products”, say the researchers from CheckPoint.

Four Vulnerabilities Disclosed

Fixes Available

Microsoft fixes CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 (Patch Tuesday) in May 2021.The CVE-2021-31939 is expected to be fixed in June 2021

The research was executed on a single component of Microsoft Office and found many vulnerabilities that affect multiple products in this ecosystem.

As a result, a set of files could be embedded in different ways to potentially exploit different Office products across multiple platforms, Concludes the report.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Hackers Abuse Microsoft Build Engine to Deliver Password-Stealing Malware Filelessly

Microsoft Released CyberBattleSim – A Python-based Enterprise Environment Simulator