According to reports, researchers have found a vulnerability in the Microsoft Word Online Video feature that attackers can use to replace a video's iframe code with malicious code and start a phishing attack. This post explains the flaw and how to protect your PC against attacks.
Bug Is Discovered in Microsoft Word Online Video Feature
Researchers at Cymulate, an Israel-based cyberattack simulation company, have found a bug in the Microsoft Word Online Video feature. According to their findings, malicious actors can exploit this vulnerability to replace legitimate YouTube iframe code with malicious HTML/JavaScript code in order to conduct a phishing attack.
The firm disclosed its findings and a detailed technical report in a press release on Thursday, explaining how this vulnerability works:
Hackers can use this bug by first embedding a video inside a Word document. Then they use an unpacker like WinRAR to unpack the document and single out the file document.xml. Next, attackers can replace the iframe code in that XML file with a malicious payload.
Once you play the video that hackers have inserted, Internet Explorer loads the injected code and triggers the download of executable files. This method is used for phishing.
“This logical bug is revealed when a user embeds a video via the ‘online video’ feature. It resides in the .xml file, where a parameter called embeddedHtml refers to a YouTube iframe code. Hackers can replace the current YouTube iframe code with malicious html/JavaScript that would be rendered by Internet Explorer.” (Cymulate)
Experts have tried to create such an infected file, and changing the embeddedHtml parameter in the document.xml file turned out to be quite simple.
Microsoft Word Bug May Trigger Phishing Attacks
Attackers may use the vulnerability in the Microsoft Word Online Video feature for malicious purposes such as phishing. Although most internet users today know to ignore phishing emails, attackers may now trick them into opening malicious Word files with YouTube videos or installing a fake software update.
According to Cymulate, the document will show the embedded online video with a link to YouTube. At the same time, it conceals hidden HTML/JavaScript code that runs in the background and may lead to further code execution scenarios.
Targeted users may not suspect anything malicious, since Microsoft Word's security does not pop up a window to warn about a possible threat after the infected document is opened.
It is said that this bug potentially affects Microsoft Office 2016 and older versions of the software suite.
How to Protect PC against Attacks
According to SCMedia, Cymulate disclosed this bug to Microsoft three months ago, but the flaw had not yet qualified for an official CVE identifier. Microsoft has responded that the product is properly interpreting HTML as designed.
Researchers say that blocking any Word documents with embedded videos is the only way to mitigate the vulnerability in the Microsoft Word Online Video feature at present.
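One way to find the documents that this mitigation would block, as an added example that is not code from Cymulate or Microsoft: the Python sketch below opens a .docx package, looks in its XML parts for the embeddedHtml parameter, and reports whether each value is a plain YouTube iframe or something else. Any finding means the document carries an embedded video; the verdict only helps with triage. The function names, the YOUTUBE_HOSTS allowlist and the sample package built by make_docx are assumptions made for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Assumed allowlist of hosts a genuine YouTube embed points at.
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com", "www.youtube-nocookie.com"}

class _StartTags(HTMLParser):
    """Collects every start tag found in an embeddedHtml value."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def classify(html):
    """'youtube-iframe' only for one handler-free iframe on an allowlisted https host."""
    parser = _StartTags()
    parser.feed(html)
    if len(parser.tags) != 1 or parser.tags[0][0] != "iframe":
        return "unexpected-markup"
    attrs = parser.tags[0][1]
    url = urlparse(attrs.get("src") or "")
    ok = url.scheme == "https" and url.hostname in YOUTUBE_HOSTS
    ok = ok and not any(name.startswith("on") for name in attrs)
    return "youtube-iframe" if ok else "unexpected-markup"

def scan_docx(data):
    """Return (part, verdict) for every embeddedHtml attribute in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in (n for n in pkg.namelist() if n.endswith(".xml")):
            # ElementTree unescapes the attribute; untrusted input may warrant defusedxml.
            for elem in ET.fromstring(pkg.read(part)).iter():
                for attr, value in elem.attrib.items():
                    if attr.rsplit("}", 1)[-1] == "embeddedHtml":
                        findings.append((part, classify(value)))
    return findings

def make_docx(embedded_html):
    """Constructed sample: a minimal package whose document.xml carries the attribute."""
    xml = "<document><video embeddedHtml=%s/></document>" % quoteattr(embedded_html)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", xml)
    return buf.getvalue()
```

A mail or file gateway could quarantine every document for which scan_docx returns a non-empty list and prioritise the "unexpected-markup" ones for analysis.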