Browse by Tags

All Tags » Microsoft Office

OffVis updated, Office file format training video created

In July, we released a beta Office file format viewer application called OffVis as a downloadable tool. We are pleased today to announce an updated version of OffVis and a 30-minute training video to help you understand the legacy Office binary file format.

Announcing OffVis 1.0 Beta

We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences (1, 2, 3) about

MS09-024: Lower risk if you have Microsoft Word installed

Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed: The Works converters included with Microsoft Word are vulnerable. However,

MS09-017: An out-of-the-ordinary PowerPoint security update

Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in the wild abusing this vulnerability.

MS09-010: Reducing the text converter attack surface

MS09-010 addresses vulnerabilities in Word converters used by WordPad and by Office to load files saved in old file formats. Some of you probably saw this bulletin and thought “I never open documents from versions of Word prior to Word XP,” and you may

Investigating the new PowerPoint issue

This afternoon, we posted Security Advisory 969136 describing a new vulnerability in PowerPoint while parsing the legacy binary file format. Unfortunately, we discovered this vulnerability being used to deploy malware in targeted attacks. We expect this

Behavior of ActiveX controls embedded in Office documents

The Microsoft Office applications (Word, Excel, PowerPoint, etc.) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization

More information about the new Excel vulnerability

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment.

MS08-043: How to prevent this information disclosure vulnerability

In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise

MS08-042: Understanding and detecting a specific Word vulnerability

A few weeks ago we posted a blog entry titled "How to parse the .doc file format". Today's blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed
Posted by swiblog
Attachment(s): CVE-2008-2244.bt

How to parse the .doc file format

This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in
Posted by swiblog

MS08-026: How to prevent Word from loading RTF files

This month we released an update for Microsoft Word that fixed issues relating to loading RTF files (CVE-2008-1091) and HTML files (CVE-2008-1434). Office applications like Microsoft Word can load a large variety of different file formats, and some people