Overview
Explore an in-depth analysis of exploiting Excel Online in this Black Hat conference talk. Delve into the discovery and exploitation of an integer overflow vulnerability (CVE-2018-8331) in the fnConcatenate formula. Learn how Excel formulas can be chained together to achieve remote code execution on the Office Web Application server. Examine the challenges, constraints, and techniques involved in developing this exploit, including memory leaks, string manipulation, and formula analysis. Gain insights into the security implications for online applications and understand the unique perspective of the Microsoft Security Response Center. Discover the potential risks associated with malicious documents targeting online platforms and the complexities of attacking Office Web Application servers.
Syllabus
Introduction
Office Online Server
Questions
Why Excel
Oneshot exploits
Formulas
My experience
Text join
Analysis
Exploit
Constraints
Memory Leak
Scenario
Cross Fingers
Undo
Workarounds
String Package
Checking all formulas
Graphs and charts
Read primitive
Onprem
Demo
Is it possible
QA
Taught by
Black Hat