Analyzing Microsoft Office exploits
Although many people associate Microsoft Office mainly with Windows, it has also supported the macOS operating system for several decades. In addition, its file formats are understood by various other suites, such as Apache OpenOffice and LibreOffice. In this section, we will look at vulnerabilities that malformed documents can exploit to perform malicious actions and learn how to analyze them.
File structures
The first thing that should be clear when analyzing any exploit is how the files associated with it are structured. Let’s take a look at the most common file formats associated with Microsoft Office that attackers use to store and execute malicious code.
Compound file binary format
This is probably the most well-known file format that can be found in documents associated with various older and newer Microsoft Office products, such as .doc (Microsoft Word), .xls (Microsoft Excel), .ppt...