A vulnerability in Microsoft Office allowed documents with embedded ActiveX controls to leak local machine information and user information including passwords. The vulnerability was detected by Mimecast Research Labs in November 2018. Mimecast has reported the vulnerability to Microsoft on November 6.
More details on the vulnerability
The vulnerability CVE-2019-0560 affects Office 2010, Office 2013, Office 2016, Office 2019, and Office 365 ProPlus using ActiveX controls.
Mimecast in a report explains that the vulnerability exists as the MSO.DLL appears to improperly leak the contents of its process memory. An attacker who exploits this vulnerability could gain access to information stored in the memory such as passwords, http requests, certificates, domain information, and other user information. This information could further allow attackers to compromise systems.
“This memory leak leads to the permanent writing of memory content into different Microsoft Office files and thus, the potential for the unintended leakage of sensitive information and local machine information. If known, this is the type of data could be useful to cybercriminals for executing a malware-enabled, remote execution attack and at least as important—to steal sensitive information,” Matthew Gardiner, Director of Product Marketing, explained, Softpedia reported.
Microsoft has released patches and security updates
Microsoft explained that in order to exploit the vulnerability, the attacker could create a special document and then would trick the victim into opening the document. For this, the attacker must know the memory address location where the object was created.
However, Microsoft has already released patches for all the affected Office products with an ‘Important’ severity rating. Installing the January 2019 security updates resolves the vulnerability.