Security News > 2021 > June > Microsoft Office MSGraph vulnerability could lead to code execution

Microsoft Office MSGraph vulnerability could lead to code execution
2021-06-08 15:15

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.

According to the researchers, the issue is in a MSGraph file parsing function, which "Is commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.".

CVE-2021-31174 - out-of-bounds read vulnerability leading to information disclosure in Microsoft Excel; affects MSGraph, Office Online, and Microsoft Excel.

CVE-2021-31179 - memory corruption vulnerability leading to remote code execution.

The researchers say that all four vulnerabilities can be embedded in most Office documents, leaving room for multiple attack scenarios with the vulnerability being triggered once the victim opens a malicious Office file.

"If exploited, the vulnerabilities would grant an attacker the ability to execute malicious code on targets via specially crafted Office documents," Check Point told BleepingComputer.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-office-msgraph-vulnerability-could-lead-to-code-execution/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-31179 Unspecified vulnerability in Microsoft products
Microsoft Office Remote Code Execution Vulnerability
local
low complexity
microsoft
7.8
2021-05-11 CVE-2021-31174 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Excel Information Disclosure Vulnerability
local
low complexity
microsoft CWE-125
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4587 4647 3639 13660