Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Check Point researchers discovered multiple security flaws while fuzzing MSGraph, a Microsoft office component.

Microsoft Office is a software that is available on almost every computer, and is integrated into the Microsoft and Windows ecosystems such as Outlook and Office Online. Checkpoint researchers discovered multiple security vulnerabilities affecting the security of the entire ecosystem when fuzzing the office component MSGraph COM.

  MSGraph COM component

MSGraph COM component (MSGraph.Chart.8, GRAPH.EXE) is a very old office component that has existed since Office 2003. This component is embedded in Microsoft office products to Display charts. But the component did not get the attention of security personnel.

From a supply perspective, MSGraph is very similar to Microsoft Equation Editor 3.0. But unlike Equation Editor, MSGraph is updated with every office patch and receives the latest patch, which makes successful exploitation very difficult.

Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Figure 1: MSGraph editor embedded in an Excel document

  security breach

Researchers fuzzed MSGraph and found four of the security vulnerabilities, namely:

CVE-2021-31179 – Memory corruption

· CVE-2021-31174 – OOBR

· CVE-2021-31178 – Integer overflow

· CVE-2021-31939 – UAF

code similarity

After researchers found a vulnerable function in MSGraph, the researchers found that the vulnerable function was widely used in office products through code similarity check, such as Excel (EXCEL.EXE), office online server (EXCELCNV.EXE) and Excel OSX version. The researchers reproduced these vulnerabilities in these products.

As shown in the figure below, the exploit will cause a crash.

Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Figure 2: CVE-2021-31174 vulnerability OfficeOnline recurrence

Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Figure 3: CVE-2021-31174 vulnerability Excel reproduction

Microsoft Office Component MSGraph Multiple Security Vulnerabilities

Figure 4: CVE-2021-31174 vulnerability MSGraph reproduction

  Summarize

Although the researchers only tested one Office component, they found multiple security vulnerabilities affecting the Office product ecosystem. The findings suggest that files can be embedded in different ways to exploit vulnerabilities in different Office products on different platforms.

The Links:   7MBP50RA060-06 LB150X03-TL01

micohuang