How I Found 16 Microsoft Office Excel Vulnerabilities in 6 Months

In this talk, I want to share the story of how I discovered 17 Microsoft Office Excel vulnerabilities in half a year. I find these vulnerabilities by fuzzing. I will share why I pick up Microsoft Office Excel as my fuzzing target, and how to build an effective fuzzing framework step by step.

In this talk, I will share the details about how to prepare for excel fuzzing:

    • How to select fuzzing corups
    • How to choose and implement mutation algorithm
    • How to start sample and catch exceptions
    • How to triage the fuzzing results
    • How to reproduce the results
    • How to report vulnerabilities to MSRC

 I will also share some problems encountered during the fuzzing process, including:

    • How to automate clicking the dialog box that appears during the excel fuzzing process
    • How to effectively clean up the temporary files generated during the fuzzing process to reduce the size of the virtual machine
    • How to speed up execution by switching between multiple old and lastest Office versions to speed up fuzzing
    • How to adjust fuzzing strategy to speed up execution
    • How to manage the results of fuzzing and to store and classify them

With the help of the method described in this talk, after half a year, I reported more than 20 office vulnerabilities to Microsoft, and got 16 CVE acknowledgements from MSRC, including 13 remote code execution vulnerabilities and 3 information disclosure vulnerabilities.

Location: Track 1 Date: May 28, 2021 Time: 3:30 pm - 4:30 pm Quan Jin