Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat
Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewards
Security researchers have developed a tool to scan popular office software for security vulnerabilities, and have already found more than 100 vulnerabilities across Microsoft Word, Adobe Acrobat and Foxit Reader.
The research co-authored by Peng Xu, Yanhao Wang, Hong Hu, and Purui Su from the School of Cyber Security at the University of Chinese Academy of Sciences, introduced the tool and highlights vulnerabilities caused by the interaction of high and low-level languages.
This binding layer is prone to producing inconsistent representations of the scripts and can sometimes also overlook crucial security checks, leading to “severe security vulnerabilities” being found in the software.
After running Cooper on Adobe Acrobat, Microsoft Word, and Foxit Reader, the researchers were able to find a total of 134 novel bugs – 60 for Adobe Acrobat, 56 in Foxit Reader, and 18 in Microsoft Word.
Most of the bugs found by Cooper as part of the research (103) have been confirmed and 59 of them have been fixed already, netting the researchers $22,000 in bug bounties.
A total of 33 CVEs (official, trackable vulnerability codes) have been issued too, including CVE-2021-21028 and CVE-2021-21035 - a pair of bugs in Adobe Acrobat each with an 8.8 rating on the CVSSv3 severity scale.
The researchers used fuzzing to test for vulnerabilities in the programmes – a technique commonly used in such research and involves randomly generating a large number of inputs which are fed into the programme to highlight behavioural anomalies, the researchers said.
There were limitations to using the technique, and the researchers developed “novel techniques”: object clustering, statistical relationship inference, and relationship-guided mutation to address these.
The state of brand protection 2021
A new front opens up in the war for brand safetyFree download
The limitations of fuzzing lie in the way in which it explores the mutation of code. Fuzzing is one-dimensional, in that it modifies statements from the high-level code only, but binding statements receives inputs from two dimensions – the high-level code in the scripts and the low-level code in the underlying system.
This restriction means every bug in the binding code cannot be discovered in just one dimension.
Activation playbook: Deliver data that powers impactful, game-changing campaigns
Bringing together data and technology to drive better business outcomesFree Download
In unpredictable times, a data strategy is key
Data processes are crucial to guide decisions and drive business growthFree Download
Achieving resiliency with Everything-as-a-Service (XAAS)
Transforming the enterprise IT landscapeFree Download
What is contextual analytics?
Creating more customer value in HR software applicationsFree Download