Detection

MS08-042 : Understanding and detecting a specific Word vulnerability

Tuesday, August 12, 2008

A few weeks ago we posted a blog entry titled “How to parse the .doc file format”. Today’s blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed by today’s security updates. This particular vulnerability is being exploited out in the real world so we believe the benefits of releasing more information about it to help the defenders outweighs the risk of attackers learning more about the already-public vulnerability.

Read More

• Detection
• Microsoft Office
• Tools

MS08-043 : How to prevent this information disclosure vulnerability

Tuesday, August 12, 2008

In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and checks a checkbox to have Excel NOT save the password used in that connection to the file.

Read More

• Detection
• Microsoft Office
• Mitigations
• Open XML
• Workarounds

How to parse the .doc file format

Friday, July 18, 2008

This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in detail, we think the file format specification will be particularly interesting to ISVs who write detection logic for malware scanners (such as Anti-Virus software).

Read More

• Detection
• Microsoft Office