Vulnerability Notification: Microsoft Office Graph Chart Out-Of-Bounds Write

[Overview]

Microsoft Office is an office productivity suite for the Windows operating system that includes Word, Excel and other applications. Microsoft Graph is the component used to insert and edit charts and graphs in Office documents. Microsoft recently fixed a remote code execution vulnerability in Office.

[Vulnerability Details]

CVE-2018-8157: This vulnerability is caused by incorrect validation of the PaletteRecord when processing the Chart Sheet Substream of a BIFF3 (Binary Interchange File Format) file. An attacker can deliver a specially crafted file to a user, for example as an e-mail attachment. If the user opens the file with a vulnerable version of Office, the attacker can execute arbitrary code in the context of the current user.
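As an added illustration (not Microsoft's code, and the exact faulty check behind CVE-2018-8157 is not described here), the following C routine parses a BIFF PALETTE record into a fixed-size palette and shows the length and count validation that stops a record-declared colour count from writing past the destination array. The record layout (record id 0x0092, a 2-byte colour count followed by 4-byte colour entries) and the 56-entry palette size are taken from the public [MS-XLS] specification; the three sample records are constructed.

```c
#include <stdint.h>
#include <stddef.h>
/* BIFF PALETTE record per [MS-XLS]: 4-byte header (id 0x0092, body length cb), then ccv (2 bytes)
   and ccv 4-byte LongRGB entries; Excel's palette holds exactly 56 colours. The exact check that
   was wrong in CVE-2018-8157 is not public here; this only shows the class of check involved. */
#define PALETTE_RECORD_ID  0x0092
#define PALETTE_MAX_COLORS 56

typedef struct {
    uint32_t colors[PALETTE_MAX_COLORS]; /* fixed-size destination an unchecked ccv would overrun */
    uint16_t count;
} palette_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of colours parsed (>= 0) or a negative code; never writes past pal->colors. */
int parse_palette_record(const uint8_t *buf, size_t len, palette_t *pal)
{
    if (len < 4) return -1;                           /* truncated record header */
    uint16_t id = rd16(buf), cb = rd16(buf + 2);
    if (id != PALETTE_RECORD_ID) return -2;
    if (cb < 2 || (size_t)cb > len - 4) return -3;    /* body must fit the buffer and hold ccv */
    uint16_t ccv = rd16(buf + 4);
    if (ccv > PALETTE_MAX_COLORS) return -4;          /* the bound an out-of-bounds write depends on */
    if ((size_t)ccv * 4 != (size_t)cb - 2) return -5; /* declared count must match the body size */
    for (uint16_t i = 0; i < ccv; i++)
        pal->colors[i] = rd32(buf + 6 + 4u * i);
    pal->count = ccv;
    return ccv;
}

int check_palette_record(const uint8_t *buf, size_t len) /* parse into a scratch palette */
{
    palette_t pal = {{0}, 0};
    return parse_palette_record(buf, len, &pal);
}

/* Constructed samples: a valid 2-colour record, one declaring 1024 colours in a 10-byte body,
   and one whose declared count (2) does not match its body length (cb = 6). */
static const uint8_t good_rec[]  = { 0x92,0x00, 0x0A,0x00, 0x02,0x00, 0,0,0,0, 0xFF,0xFF,0xFF,0x00 };
static const uint8_t huge_rec[]  = { 0x92,0x00, 0x0A,0x00, 0x00,0x04, 0,0,0,0, 0xFF,0xFF,0xFF,0x00 };
static const uint8_t short_rec[] = { 0x92,0x00, 0x06,0x00, 0x02,0x00, 0,0,0,0 };
```

The two malformed samples are rejected before any colour entry is copied, which is the property a parser of this record must have regardless of where the palette is stored.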

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8157

[Severity]

Critical

[Affected Version]

  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016
  • Microsoft Office 2016 Click-to-Run (C2R)

[Suggestions]

Install the security update provided by Microsoft to remediate the vulnerability.

Avoid opening attachments or clicking links from untrusted sources in suspicious e-mails.

Official statement: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157

[Hillstone Networks Solution]

Hillstone Networks has added a signature for this vulnerability to IPS signature database version 2.1.242. Any Hillstone Networks solution with the IPS function enabled can detect and block exploitation attempts against the Microsoft Office Graph Chart Out-Of-Bounds Write vulnerability, preventing the attack from reaching protected systems.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description