Attacking Interoperability - An OLE Edition

by Haifei Li, Bing Sun
Sept. 18, 2017 | Black Hat | posted by belen_caty | Pen Testing & Audits

Object Linking and Embedding (OLE) is a technology built on the Component Object Model (COM) that allows an application to embed and link to other documents or objects; it is used primarily in Microsoft Office and WordPad. In recent years we have seen a number of vulnerabilities, including several critical zero-day attacks, involving OLE. Typical examples are the "Sandworm" attack (CVE-2014-4114), disclosed in October 2014, and CVE-2012-0158, a years-old vulnerability that is still being actively exploited in the real world. However, previous work usually focuses on the vulnerability or the malware, while the internals of OLE have never been examined. This paper intends to fill that gap. Another important part of this research is to explore the attack surface OLE exposes on Windows, and to explain how an attacker could leverage an OLE vulnerability to perform document-based exploitation.

Steven Ulm 8 months, 1 week ago

I am wondering how many people are using the Object Linking and Embedding technology without even knowing what vulnerabilities they are exposed to...