MS Word Logical Bug allows Hackers to harm your Computer

Microsoft has no plans to patch this logical bug and says its software is "properly interpreting HTML as designed"

Cybersecurity researchers have found a business logic bug in Microsoft Word 2016 and older versions. By using this vulnerability, an attacker can embed malicious code in a Word file, and this code executes at the document's run time.

A business logic bug is a little different from other vulnerabilities. Business logic vulnerabilities are ways of using the authorized processing flow or behaviour of an application in a way that results in a negative consequence for the organization.

Manish Kumawat, director at Cryptus Cyber Security Pvt Ltd, said: "When a user attaches an online YouTube video link to an MS Word file, the Online Video attach option automatically creates an HTML embed script code, which is executed when the viewer clicks on the video thumbnail inside the MS Word document.

"In the document.xml file, which is used for the attached code of the embedded video link, that code can be replaced with malicious JavaScript or HTML code. In other words, an attacker can replace the original video code with malicious code which will infect the victim's system."

Discovered by researchers at Cymulate, the vulnerability affects the 'Online Video' feature in Word files, the option that allows users to attach an online YouTube link. To prove the vulnerability, Cymulate researchers created a proof-of-concept attack demonstrating how the malicious code infects the victim's computer.

Cymulate researchers reported this bug, which impacts all users of MS Office 2016 and older versions, to Microsoft three months ago, but the company declined to acknowledge it as a security bug.

Microsoft has no plans to patch this logical bug and says its software is "properly interpreting HTML as designed."
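Since no patch is planned, defenders can inspect documents for altered video embed code themselves. The following is an added example, not code from Cymulate, Cryptus or Microsoft: it opens a .docx as a ZIP, reads word/document.xml, and flags any online-video embed that is more than a plain HTTPS iframe. The `webVideoPr` element and `embeddedHtml` attribute are where the Office Open XML format stores this HTML (the article does not name them); the allowed-host list, helper names and sample documents are assumptions constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Word drawing-extension namespace; its webVideoPr element stores the embed HTML.
WP15 = "http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing"
ALLOWED_HOSTS = {"www.youtube.com", "www.youtube-nocookie.com"}  # assumed policy

class EmbedAudit(HTMLParser):
    """Records anything in an embed snippet beyond a plain HTTPS video iframe."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            self.findings.append(f"unexpected <{tag}> element")
        for name, value in attrs:
            url = urlparse(value or "")
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name == "src" and (url.scheme != "https" or url.hostname not in ALLOWED_HOSTS):
                self.findings.append(f"src not an allowed video host: {value!r}")

def audit_docx(data: bytes):
    """Return (embed_html, findings) for every online video in a .docx."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    results = []
    for el in root.iter(f"{{{WP15}}}webVideoPr"):
        audit = EmbedAudit()
        audit.feed(el.get("embeddedHtml", ""))
        audit.close()
        results.append((el.get("embeddedHtml", ""), audit.findings))
    return results

def make_sample(embed_html: str) -> bytes:
    """Build a minimal constructed .docx (ZIP) with one online-video element."""
    xml = (f'<w:document xmlns:w="urn:constructed-sample" xmlns:wp15="{WP15}">'
           f'<wp15:webVideoPr embeddedHtml={quoteattr(embed_html)}/></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()

BENIGN = '<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="816"></iframe>'  # constructed
TAMPERED = '<script></script><iframe src="https://example.invalid/x"></iframe>'  # constructed
```

When scanning untrusted attachments at a mail gateway, a hardened XML parser such as defusedxml is a safer choice than the standard-library ElementTree used here.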

