Serious Microsoft Office vulnerability leaks sensitive information

Mimecast informs Techzine that it has found a serious memory leak in Microsoft Office, which may leak sensitive information such as passwords. Due to the leak, users are at risk when creating, editing, opening and saving an Office file with ActiveX. Office includes popular programs such as Word, Excel and PowerPoint.

The vulnerability was discovered by Mimecast in November, after which it informed Microsoft. In mid-December, Microsoft stated that it would be ready to come up with a fix in January. Now that that’s done, Mimecast has also shared some details about the leak.

Research

Originally, Mimecast investigated a report that appeared to be a regular false positive. However, the researchers found that Office files containing the ActiveX control caused memory leaks. ActiveX is actually an outdated technology that allows different applications to share information and functionalities.

After further investigation, Mimecast found that the submitted Office files contained executable code, which generally indicates a security problem. This is how Mimecast discovered that the MSO-DLL file incorrectly disclosed the contents of the process memory. In this way, malicious parties can obtain data in order to further endanger the system.

With the information obtained, malicious parties can also take several steps. Not only is sensitive information available, such as certificates and http requests. Cybercriminals can also use the data to launch new attacks.

Severity

Microsoft thus classifies the vulnerability as important. It means that the leak could result in “impairment of the confidentiality, integrity or availability of a user’s data, or of the integrity or availability of the processing resources”.

Mimecast states that there are no known cases of exploitation. In the meantime, the advice is to install the Microsoft security patch as soon as possible. All Office files with ActiveX that have been created previously can be vulnerable to leakage.