Microsoft Office has a class attribute double-free vulnerability, tracked as CVE-2022-41106, reported by researchers at Talos. Microsoft has issued a patch for the vulnerability and credited Talos for the report.
Class attribute double-free vulnerability
The vulnerability exists in the class attribute functionality of Microsoft Office Excel 2019 x86, starting from version 2207 build 15427.20210, and in version 2202 build 14931.20660. A specially crafted malicious file can be used to execute arbitrary code.
The report also notes that an attacker can use a malicious file to trigger the double free in the class attribute handling. The affected versions confirmed by Talos are Microsoft Office Excel 2019 x86, version 2207 build 15427.20210, and Microsoft Office Excel 365 x86, version 2202 build 14931.20660.
“Proper heap grooming can give an attacker full control of this double-free vulnerability and as a result could allow it to be turned into arbitrary code execution,” said the Talos report. The vulnerability has not been exploited in the wild, according to Microsoft's patch advisory.
Microsoft Office and vulnerabilities
In the past few months, the overall volume of hacking and exploitation worldwide has increased, and threat actors naturally target large companies for any available vulnerability. Microsoft Office has been a particular focus for attackers, especially since the company introduced Microsoft 365, a cloud-based, cross-platform software suite, in 2010. It provides a seamless experience across multiple productivity products in both business and personal environments.
Within the affected Excel code, the life cycle of each object inside a class attribute is such that the object is allocated and later deallocated, but although freeing could be paired with nulling the pointer that refers to the object, this is not done for the object in question. The stale pointer therefore survives the free.
As a result, the additional checks that would prevent the object's reuse are bypassed, and the freed object is reused inside a subsequent function. This double-free vulnerability can be fully controlled by an attacker and turned into arbitrary code execution with proper heap grooming.
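The lifetime bug described above, the free of an object whose pointer is never nulled so a later code path releases it again, is the classic double-free pattern. The following C program is an added illustration written for this page; it is not Excel code and not code from Talos or Microsoft. The `attr_obj` and `attr_owner` types, the function names and the `"cell-style"` sample object are all constructed for the example. It shows the vulnerable release pattern next to a hardened one that frees through the owning slot and nulls it, so a second release is refused and counted instead of corrupting the heap:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an object whose lifetime is tracked by a container.
 * It models the lifetime bug in miniature; it does not reproduce any Excel code. */
typedef struct {
    char name[32];
} attr_obj;

/* Hypothetical owner that holds the only pointer to the object and keeps
 * counters so the behaviour can be checked without crashing the process. */
typedef struct {
    attr_obj *attr;
    int frees_performed;   /* how many times free() actually ran */
    int releases_refused;  /* second-release attempts that were turned away */
} attr_owner;

attr_obj *attr_create(const char *name) {
    attr_obj *a = calloc(1, sizeof *a);
    if (a == NULL) return NULL;
    strncpy(a->name, name, sizeof a->name - 1);
    return a;
}

/* Vulnerable pattern: frees the object but leaves the owner's pointer intact.
 * Calling it twice frees the same block twice, which is the class of bug the
 * advisory describes. Shown for contrast only; this program never calls it twice. */
void release_unsafe(attr_owner *o) {
    free(o->attr);
    o->frees_performed++;
}

/* Hardened pattern: free through the owning slot and null it immediately, so a
 * second release finds nothing to free and is refused rather than performed. */
int release_safe(attr_owner *o) {
    if (o->attr == NULL) {
        o->releases_refused++;
        return -1;          /* caller bug: object already released */
    }
    free(o->attr);
    o->attr = NULL;
    o->frees_performed++;
    return 0;
}

/* Releases the same object twice through the hardened path and returns the
 * owner's counters so the outcome can be inspected. */
static attr_owner run_scenario(void) {
    attr_owner o = { attr_create("cell-style"), 0, 0 };
    release_safe(&o);   /* first release frees the object */
    release_safe(&o);   /* second release is refused */
    return o;
}

int demo_frees_performed(void)  { return run_scenario().frees_performed; }   /* 1 */
int demo_releases_refused(void) { return run_scenario().releases_refused; }  /* 1 */

int main(void) {
    printf("frees=%d refused=%d\n", demo_frees_performed(), demo_releases_refused());
    return 0;
}
```

Nulling the owning pointer only protects releases that go through that owner; if several places hold the same raw pointer, ownership has to be made explicit (a single owner, or reference counting) so exactly one of them is allowed to free. During testing, building with `-fsanitize=address` makes a real double free abort at the second `free()` with a report naming both the freeing and the original allocation site, which is the quickest way to confirm a bug of this kind before it reaches users.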