CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability.

CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability.

These vulnerabilities exist in the way that Excel parses and validates malicious spreadsheet content. When a user opens a malicious Excel spreadsheet, the software will attempt to parse the content as expected. However, if the user has given permission to a particular application to open a particular kind of file (such as a Word or PowerPoint document, or a PDF file) then the malicious spreadsheet will be validated against those other applications’ security policies. If those other applications have security policies that allow the parsing of spreadsheet content then the malicious spreadsheet will be validated against those policies, and the end result will be an application crash or an application security warning. Which application is used to open a specific kind of file is determined by a variety of factors, including the OS and the installed applications, and is out of the control of the user. Within the context of Microsoft Excel, users can grant permission to open specific kinds of files to other applications on the computer, and can remove the same kinds of permissions from those applications.

VBScript

The vulnerability exists in the way that VBScript parses content within malicious spreadsheet files. When a user opens a malicious Excel file, the software will attempt to parse the content as expected. But if any of the malicious content is present within an embedded VBScript, then it will be parsed against the security policies of that application. If those other applications have security policies that allow for VBScript parsing, then the malicious script will be parsed against those policies, and the end result will be an application crash or an application security warning. Which application is used to open a specific kind of file is determined by a variety of factors, including the OS and installed applications, and is out of control of the user. Within the context of Microsoft Excel, users can grant permission to open specific kinds of files to other applications on their computer, and can remove these permissions from those applications.

Microsoft Excel and Office Software Overview

Microsoft Excel is the spreadsheet application included in Microsoft Office. It is used by millions of people worldwide to create, analyze, and share data.
Microsoft Office is a family of applications developed and sold by Microsoft for its Windows operating system, including Word, PowerPoint, Excel, Access, OneNote, Outlook, Publisher and many others.

VBA Code Execution (CVE-2019-7323)

- VBA Code Execution (CVE-2019-7323) is an issue that can allow a malicious spreadsheet to execute maliciously embedded Visual Basic for Applications (VBA) code. VBA is a programming language created by Microsoft that Excel's macros use. A maliciously embedded VBA code allows the user to take control of the target application, circumventing any security protections it might have in place.

Vulnerability overview

The vulnerability is caused by Excel parsing spreadsheet content as expected when it should not be. If a user has given permission to any application to open a specific kind of file (such as Word or PowerPoint), and that application then opens an Excel file, then the malicious spreadsheet will be validated against security policies from the application opening it. If those other applications have security policies that allow the parsing of spreadsheet content, then the malicious spreadsheet will be validated against those policies, and the end result will be an application crash or an app atsecurity warning.

Microsoft Office Vulnerabilities

Microsoft Office has released a series of patches to address the vulnerabilities, but the way that Microsoft Office handles malicious spreadsheet content may not be fixed until after the next release of Microsoft Office (expected in December 2018).

The way that Excel parses and validates malicious spreadsheet content

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe