Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities. In 1999, CERT actually published an advisory about the Melissa virus, which leveraged macros to spread. We even published an FAQ about the Melissa virus that suggests disabling macros in Microsoft Office products. Why is everything old new again? Reliability of the exploit is one reason, but the user interface of Microsoft Office is also to blame.

Exploiting Vulnerabilities

Attackers like to target weaknesses in the design of an application whenever possible. Using implementation bugs, such as ones that can be found through fuzzing, can be viable for an attacker. Successful and reliable exploitation can rely on a number of variables, such as: What version of the vulnerable software is being used? In some cases, an exploit for a vulnerability may only work on very specific targets. Attackers look for the widest range of compatibility for their exploits.

Exploiting Design Weaknesses

Design weaknesses are a much more valuable target for an attacker, as opposed to an implementation flaw that relies on memory corruption, for example. The benefit of such weaknesses is that they can work universally. For example, consider the Microsoft Windows design flaw that caused Windows to automatically execute code that is specified in shortcut files. This weakness was used by the Stuxnet worm. Malicious Microsoft Office documents that leverage macros are exploiting capabilities that are provided by Microsoft Office by design. Microsoft Office macros can help automate repetitive tasks, but in the end they are equivalent to running native code. As a proof of concept, I made a simple Word document that launches calc.exe by way of a one-line VBScript macro.