Home Cyber Crime Microsoft Office MSGraph vulnerability could lead to code execution

Microsoft Office MSGraph vulnerability could lead to code execution


Use-after-free bug in Microsoft Office MSGraph component

Microsoft as we speak will launch a patch for a vulnerability affecting the Microsoft Workplace MSGraph element, accountable for displaying graphics and charts, that could possibly be exploited to execute code on a goal machine.

As a result of the element might be embedded in most Workplace paperwork, an attacker can use it to ship a malicious payload with out the necessity for particular capabilities.

Legacy code

Tracked as CVE-2021-31939, the safety flaw is an element of a bigger set of safety vulnerabilities that researchers at Examine Level found in MSGraph and reported to Microsoft.

The explanation the researchers centered on testing MSGraph for safety flaws is that it incorporates code that’s no less than 17 years previous and has an assault floor that’s much like Microsoft Equation Editor, the place bugs fastened in 2017 proceed to be heavily exploited to this present day.

MSGraph editor in Microsoft Excel document
MSGraph editor embedded in a Microsoft Excel doc

Particulars in regards to the vulnerability are missing at this level, because the bug acquired an identifier solely just lately. Nevertheless, Examine Level notes in a report as we speak that CVE-2021-31939 is a use-after-free (UAF).

Such a flaw consists of incorrect use of dynamic reminiscence throughout program operation and might result in arbitrary code execution on the system.

In response to the researchers, the problem is in a MSGraph file parsing perform, which “is usually used throughout a number of totally different Microsoft Workplace merchandise, corresponding to Excel (EXCEL.EXE), Workplace On-line Server (EXCELCNV.EXE) and Excel for OSX.”

Examine Level’s public disclosure as we speak contains three different safety flaws found within the Microsoft Workplace MSGraph element, all of them patched final month:

  • CVE-2021-31174 – out-of-bounds learn (OOBR) vulnerability resulting in info disclosure in Microsoft Excel (medium severity); impacts MSGraph, Workplace On-line, and Microsoft Excel
  • CVE-2021-31178 – integer underflow to out-of-bounds learn (OOBR) vulnerability resulting in info disclosure (medium severity)
  • CVE-2021-31179 – reminiscence corruption vulnerability resulting in distant code execution (excessive severity)

All the failings have been found by fuzzing, a testing approach the place code is bombarded with numerous enter to seek out errors and safety vulnerabilities. The exceptions generated this manner embrace crashes and reminiscence leaks that would result in exploitation.

The researchers say that every one 4 vulnerabilities might be embedded in most Workplace paperwork, leaving room for a number of assault situations with the vulnerability being triggered as soon as the sufferer opens a malicious Workplace file.

“If exploited, the vulnerabilities would grant an attacker the flexibility to execute malicious code on targets by way of specifically crafted Workplace paperwork,” Examine Level advised BleepingComputer.

“Because the total Workplace suite has the flexibility to embed Excel objects, this broadens the assault vector, making it potential to execute such an assault on virtually any Workplace software program, together with Phrase, Outlook and others” – Examine Level

Examine Level reported the vulnerabilities to Microsoft on February 28 and three of them have been patched final month. CVE-2021-31939 acquired its monitoring identifier at a later date and is scheduled to obtain a patch as we speak.

Source link