Microsoft Advisory Warns of Vulnerabilities Affecting Office

Dark Reading

The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.
Microsoft has published an advisory warning of multiple vulnerabilities in the Autodesk FBX library, which is integrated into some software, including new versions of Microsoft Office.

FBX is short for Filmbox, a file format used to save motion capture data, as well as video and audio streams. The proprietary format is owned by Autodesk and supported in Microsoft Office products including Microsoft Office 2019 and Office 365 ProPlus. Because the code to process these files comes from Autodesk, the latest versions of Office are exposed to six vulnerabilities disclosed in an Autodesk advisory announcing patches for CVE-2020-7080 to CVE-2020-7085.

"These vulnerabilities are due to a range of different programming errors that often creep into code that handles complex data objects, namely: buffer overflow, type confusion, use after free, integer overflow and null pointer dereference," Sophos researchers explain in an analysis.

Five out of the six flaws disclosed are remote code execution vulnerabilities. These exist in Microsoft products that use the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these flaws could achieve the same rights as...

© 2020 by HealthcareCISO.