Jump to content
  • Microsoft Office MSGraph vulnerability could lead to code execution


    Karlston

    • 1.1k views
    • 3 minutes
     Share


    • 1.1k views
    • 3 minutes

    Microsoft Office MSGraph vulnerability could lead to code execution

     

    Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.

     

    Because the component can be embedded in most Office documents, an attacker can use it to deliver a malicious payload without the need for special functions.

    Legacy code

    Tracked as CVE-2021-31939, the security flaw is part of a larger set of security vulnerabilities that researchers at Check Point discovered in MSGraph and reported to Microsoft.

     

    The reason the researchers focused on testing MSGraph for security flaws is that it contains code that is at least 17 years old and has an attack surface that is similar to Microsoft Equation Editor, where bugs fixed in 2017 continue to be heavily exploited to this day.

    MSGraph editor in Microsoft Excel document
    MSGraph editor embedded in a Microsoft Excel document

    Details about the vulnerability are lacking at this point, as the bug received an identifier only recently. However, Check Point notes in a report today that CVE-2021-31939 is a use-after-free (UAF).

     

    This type of flaw consists of incorrect use of dynamic memory during program operation and can lead to arbitrary code execution on the system.

     

    According to the researchers, the issue is in a MSGraph file parsing function, which “is commonly used across multiple different Microsoft Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE) and Excel for OSX.”

     

    Check Point’s public disclosure today includes three other security flaws discovered in the Microsoft Office MSGraph component, all of them patched last month:

     

    • CVE-2021-31174 - out-of-bounds read (OOBR) vulnerability leading to information disclosure in Microsoft Excel (medium severity); affects MSGraph, Office Online, and Microsoft Excel
    • CVE-2021-31178 - integer underflow to out-of-bounds read (OOBR) vulnerability leading to information disclosure (medium severity)
    • CVE-2021-31179 - memory corruption vulnerability leading to remote code execution (high severity)

     

    All the flaws were discovered through fuzzing, a testing technique where code is bombarded with various input to find errors and security vulnerabilities. The exceptions generated this way include crashes and memory leaks that could lead to exploitation.

     

    The researchers say that all four vulnerabilities can be embedded in most Office documents, leaving room for multiple attack scenarios with the vulnerability being triggered once the victim opens a malicious Office file.

     

    "If exploited, the vulnerabilities would grant an attacker the ability to execute malicious code on targets via specially crafted Office documents," Check Point told BleepingComputer.

     

    “Since the entire Office suite has the ability to embed Excel objects, this broadens the attack vector, making it possible to execute such an attack on almost any Office software, including Word, Outlook and others” - Check Point

     

    Check Point reported the vulnerabilities to Microsoft on February 28 and three of them were patched last month. CVE-2021-31939 received its tracking identifier at a later date and is scheduled to receive a patch today.

     

     

    Microsoft Office MSGraph vulnerability could lead to code execution


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...