SecPod Blog Microsoft out-of-band security updates for Office and Paint 3D

Microsoft released an out-of-band security update that plugs multiple remote code execution vulnerabilities in an Autodesk FBX library incorporated into the Microsoft Office, Office 365 ProPlus and Paint 3D applications.

Though the updates are rated “Important” in severity, the vulnerabilities allow remote code execution on affected products. They are tracked as CVE-2020-7080, CVE-2020-7081, CVE-2020-7082, CVE-2020-7083, CVE-2020-7084, and CVE-2020-7085.

According to Microsoft’s Tuesday advisory, “Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content”.


Following are the details of the vulnerabilities:

1) CVE-2020-7080: A buffer overflow vulnerability exists in the Autodesk FBX-SDK versions 2019.0 and earlier that might lead to arbitrary code execution. To exploit it, an attacker could trick a user into opening a malicious FBX file, which triggers the buffer overflow in the FBX SDK and allows the attacker to run arbitrary code on the affected system.

2) CVE-2020-7081: A type confusion vulnerability exists in the Autodesk FBX-SDK versions 2019.0 and earlier that might lead to arbitrary code execution. To exploit it, an attacker could lure a user into opening a malicious FBX file, which triggers the type confusion in the FBX SDK, letting the attacker read or write out-of-bounds memory locations, run arbitrary code on the affected system, or cause a denial of service (DoS).

3) CVE-2020-7082: A use-after-free vulnerability exists in the Autodesk FBX-SDK versions 2019.0 and earlier that might lead to remote code execution. To exploit it, an attacker could persuade a user to open a maliciously crafted FBX file, which triggers the use-after-free in the FBX SDK. The application then references a memory location controlled by an unauthorized third party, letting the attacker run arbitrary code on the compromised system.

4) CVE-2020-7083: An integer overflow vulnerability exists in the Autodesk FBX-SDK versions 2019.0 and earlier that might lead to denial of service (DoS) of the application. To exploit it, an attacker could trick a user into opening a maliciously crafted FBX file, which triggers the integer overflow in the FBX SDK and leads to a denial of service (DoS).

5) CVE-2020-7084: A NULL pointer dereference vulnerability exists in the Autodesk FBX-SDK versions 2019.0 and earlier that might lead to denial of service (DoS) of the application. To exploit it, an attacker could lure a user into opening a malicious FBX file, which triggers the NULL pointer dereference in the FBX SDK and causes a denial of service (DoS).

6) CVE-2020-7085: A heap overflow vulnerability exists in the Autodesk FBX-SDK versions 2019.2 and earlier that may lead to arbitrary code execution. To exploit it, an attacker could lure the user into opening a maliciously crafted FBX file, which triggers the heap overflow. By altering certain values in an FBX file, the attacker gains limited code execution, allowing arbitrary code to run on the compromised system.


Affected Products

  • Microsoft Office 2016
  • Microsoft Office 2019
  • Office 365 ProPlus
  • Paint 3D

Solution

Microsoft has released a security advisory to fix these vulnerabilities.

SanerNow security content has been published to detect these vulnerabilities. We strongly recommend installing these security updates without any delay.


 

Publisher: SecPod Technologies
