Microsoft Office security, part one

The flood of recent Microsoft Office vulnerabilities has brought forth the need to understand the mechanics of the MS Office security architecture and the possible fault injection points. This article discusses Microsoft Office's OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. The second part of this article then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.

1. Overview of recent MS Office vulnerabilities
MS Office vulnerabilities have aroused concerns, particularly for MS Office documents received through e-mail or downloaded from web sites. Some published vulnerabilities allow memory corruption or lead to buffer overflows, whereas others escalate privileges - all leading to compromising the victim's system. Microsoft Office security, part one

Linked by shanmuga Wednesday, 23rd August 2006 7:08AM