Feeds

Flaw finders lay siege to Microsoft Office

'These guys are using fuzzing tools and producing a large number of bugs'

Remote control for virtualized desktops

In fact, fuzzing tools appear to be the source of the deluge of Office flaws.

Once considered a crutch for the lowest form of code hacker - the much-denigrated "script kiddie" - data-fuzzing tools have gained stature to now be considered an efficient way to find vulnerabilities, especially obscure ones.

Fuzzers automate the process of trying to break an application by sending it unexpected data. Given a set of rules for constructing a file or an online form, a fuzzer will create every conceivable variation. Increasingly, vulnerability researchers and hackers are turning to tools to automate the discovery of flaws. For example, Next-Generation Security Software, a U.K. based technology consultancy, used a homegrown data-fuzzing tool to find the recent flaw fixed by Microsoft in the way Excel handles LABEL record files.

"Fuzzing and understanding file formats is the way that a lot of people are progressing along," said Sherief Hammad, founding director of NGSSoftware. "It is pretty easily, programmatically, to build up a file with malformed input. Sometimes that is a better way to analyze program flaws."

In July, security researcher HD Moore promised to release a browser bug every day of the month, highlighting the utility of data-fuzzing tools, but also the threat to software companies and their customers of falling behind the attackers in using such tools.

"Just like Moore is putting out a bug a day, these guys are using fuzzing tools and producing a large number of bugs," ISC's Sachs said.

Between Moore's focus on Internet Explorer flaws and the automated search for Office flaws, Microsoft's programmers have their work cut out for them, and system administrators should expect more fixes for software flaws from Microsoft. NGSSoftware, at least, has found two more vulnerabilities and reported them to Microsoft. In addition, the latest targeted Trojan horse attack uses a vulnerability in PowerPoint that the software giant still has to fix.

Moreover, the flaws reported to date are only due to a limited amount of effort using fuzzers, TippingPoint's Dhamankar stressed. Researchers do not typically have access to the detailed information about file formats for Microsoft's Office, so their efforts to date have been limited.

"What you are seeing right now is just investigation into one part of the file format, and people have a lot more records to look at," TippingPoint's Dhamankar said.

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.