Dangerousness of Client-Side Code Execution with Microsoft Office
keywords: Client-side attacks, remote code execution, phishing, vulnerability, weakness, Microsoft Office macros, information security, cyber-threats, website security, web application vulnerabilities
Gaining unauthorized remote access to an environment is generally done either by exploiting a vulnerable internet-based service or application, or by tricking a user into executing malicious code. The former is typically simpler, since it needs no user interaction. The latter, however, requires much more effort on the attackers' side, since they must find a way to incite the victim into opening a malicious document and interacting with an HTML page in a web browser. In this paper, we focus on the latter technique, which falls into the social engineering category, as it involves the use of a phishing attack. We select it because user behavior is challenging to correct, which increases the attackers' chance of performing a successful attack; the former technique, by contrast, can be defeated by a simple patch, upgrade, or update. Since Microsoft Office is widely trusted and used by many people (in both personal and commercial settings), we make use of its features to build our payloads and eventually gain remote code execution on a victim's system. Performing a successful phishing attack involves many barriers that often need to be crossed, such as the need for similarity, purchasing domains, and the use of encoding, encryption, etc. Nowadays, companies frequently employ very aggressive antivirus software that deletes malicious files as soon as they land on their systems. Therefore, bypassing these security protections needs to be taken into account, which is also addressed in this paper.
reference: Vol. 43, 2024, No. 5, pp. 1219–1233