Authors, Creators & Presenters: Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University), Haoyu Wang (Huazhong University of Science and Technology)
PAPER
Be Careful of What You Embed: Demystifying OLE Vulnerabilities
Microsoft Office is a complete suite of productiveness instruments and Object Linking & Embedding (OLE) is a specification that standardizes the linking and embedding of a various set of objects throughout totally different functions.OLE facilitates knowledge interchange and streamlines consumer expertise when coping with composite paperwork (e.g., an embedded Excel sheet in a Word doc). However, inherent safety weaknesses inside the design of OLE current dangers, because the design of OLE inherently blurs the belief boundary between first-occasion and third-occasion code, which can result in unintended library loading and parsing vulnerabilities which could possibly be exploited by malicious actors. Addressing this challenge, this paper introduces OLExplore, a novel device designed for safety evaluation of Office OLE objects.With an in-depth examination of historic OLE vulnerabilities, now we have recognized three key classes of vulnerabilities and subjected them to dynamic evaluation and verification. Our analysis of assorted Windows working system variations has led to the invention of 26 confirmed vulnerabilities, with 17 assigned CVE numbers that every one have distant code execution potential.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters data trade amongst researchers and practitioners of community and distributed system safety. The audience consists of these excited about sensible facets of community and distributed system safety, with a give attention to precise system design and implementation. A serious purpose is to encourage and allow the Internet neighborhood to use, deploy, and advance the state of accessible safety applied sciences.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
