Check Point researchers discovered multiple security flaws while fuzzing MSGraph, a Microsoft Office component.
Microsoft Office is installed on almost every computer and is integrated into the Microsoft and Windows ecosystems, such as Outlook and Office Online. While fuzzing the Office component MSGraph COM, Check Point researchers discovered multiple security vulnerabilities that affect the security of the entire ecosystem.
MSGraph COM component
The MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE) is a very old Office component that has existed since Office 2003. It is embedded in Microsoft Office products to display charts, but it has not attracted the attention of security personnel.
From a supply perspective, MSGraph is very similar to Microsoft Equation Editor 3.0. Unlike Equation Editor, however, MSGraph is updated with every Office patch and so always has the latest patches, which makes successful exploitation very difficult.
Figure 1: MSGraph editor embedded in an Excel document
The researchers fuzzed MSGraph and found four security vulnerabilities, namely:
· CVE-2021-31179 – Memory corruption
· CVE-2021-31174 – OOBR
· CVE-2021-31178 – Integer overflow
· CVE-2021-31939 – UAF
After finding a vulnerable function in MSGraph, the researchers ran a code similarity check and found that the same function is widely used in Office products, such as Excel (EXCEL.EXE), Office Online Server (EXCELCNV.EXE) and the Excel OSX version. The researchers reproduced these vulnerabilities in these products.
As shown in the figures below, the exploit causes a crash.
Figure 2: CVE-2021-31174 vulnerability Office Online reproduction
Figure 3: CVE-2021-31174 vulnerability Excel reproduction
Figure 4: CVE-2021-31174 vulnerability MSGraph reproduction
Although the researchers only tested one Office component, they found multiple security vulnerabilities affecting the Office product ecosystem. The findings suggest that files can be embedded in different ways to exploit vulnerabilities in different Office products on different platforms.
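One way a defender could triage documents for embedded MSGraph objects, given that the component is reachable through files embedded in other Office documents (an added example, not code from the Check Point research). It assumes OOXML containers (.xlsx/.docx/.pptx), where XML parts declare embedded OLE objects with a progId/ProgID attribute; legacy binary formats are not covered, and the function names and the in-memory sample are constructed for illustration.

```python
import io
import re
import zipfile

# ProgID named on this page for the MSGraph COM component.
MSGRAPH_PROGID = "MSGraph.Chart.8"

# Assumption: OOXML parts declare embedded OLE objects with a quoted
# progId / ProgID attribute (spelling varies by application, so ignore case).
PROGID_RE = re.compile(rb"""progid\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
MAX_PART_SIZE = 50 * 1024 * 1024  # skip oversized parts (decompression bombs)


def find_ole_progids(data: bytes) -> list[tuple[str, str]]:
    """Return (part name, ProgID) for every OLE object declared in an OOXML file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".xml", ".vml")):
                continue
            if info.file_size > MAX_PART_SIZE:
                continue
            for m in PROGID_RE.finditer(zf.read(info)):
                hits.append((info.filename, m.group(1).decode("utf-8", "replace")))
    return hits


def embeds_msgraph(data: bytes) -> bool:
    """True if any part declares an embedded MSGraph object."""
    return any(p.lower() == MSGRAPH_PROGID.lower() for _, p in find_ole_progids(data))


def build_sample(progid: str) -> bytes:
    """Constructed sample: a minimal zip with one sheet part declaring an OLE object."""
    sheet = (
        "<worksheet><oleObjects>"
        f'<oleObject progId="{progid}" shapeId="1025"/>'
        "</oleObjects></worksheet>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
        zf.writestr("xl/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("MSGraph.Chart.8", "Equation.3"):
        print(name, embeds_msgraph(build_sample(name)))
```

A hit only means the document embeds an MSGraph object and deserves closer inspection; it says nothing about whether the embedded data is malformed.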