Monday, July 27, 2009

The Microsoft Office Visualization Tool (OffVis) – Spelunk (view, browse, peek into, etc) Microsoft Office Binary Format files

Microsoft Downloads - The Microsoft Office Visualization Tool (OffVis) Fact Sheet

“…

Version: 1.0
Date Published: 7/27/2009
Language: English
Download Size: 421 KB - 842

 
The Microsoft Office Visualization Tool (OffVis) allows IT professionals, security researchers and malware protection vendors to better understand the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks. The unique, easy-to-use tool offers a comprehensive view of any Microsoft Office binary file format sample simply by hovering a cursor over it. The tool then graphically shows important data structures and records for Microsoft Office Word, Microsoft Office PowerPoint and Microsoft Office Excel. Users can then browse and click through each record.

…”

From the above fact sheet:

“…

About the Microsoft Office Visualization Tool 

…Microsoft then offered OffVis to participants of MAPP to test. Now, MAPP partners and virus analysts use it to visualize and understand vulnerabilities, and it has helped them write detection signatures for their products. Security researchers and IT administrators now also will be able to use it to further understand file formats and identify relevant areas to invest their efforts. The tool is able to parse the complete file format and also directly identify recent publicly exploited vulnerabilities using the Common Vulnerabilities and Exposures list.

The tool is available for download at http://go.microsoft.com/fwlink/?LinkId=158791

…”

This is a very cool tool to allow interested parties to spelunk into Microsoft Office binary files (Word/doc, Excel/xls, PowerPoint/ppt). This is a step beyond just a hex view, but instead understands and can parse the Microsoft Office binary file formats and structures.

image

No install required, just unzip it and run OffVis.exe (Got to love XCopy deployment’s ;)

image

 

Related Past Post XRef:
Microsoft Office (DOC, XLS, PPT) Binary File Format Specifications Released – We’re talking the full technical specification… (The [MS-DOC].pdf alone is 553 pages of very dense specification information)
DOC, XLS and PPT Binary File Format Specifications Released (plus WMF, Windows Compound File [aka OLE 2.0 Structured Storage] and Ink Serialized Format Specifications and Translator to XML news)
Microsoft Office Binary File Format Specifications Coming to a Download Near You...

Posted 7/27/2009 12:08:00 PM

Tags: ,

1 comment:

Kate said...

Check out the PowerPoint Facebook page for tons of helpful resources and templates! You can share your PowerPoint knowledge with novices, learn from other power users or post your questions to the Wall and get help directly from Microsoft!

http://www.facebook.com/pages/Microsoft-PowerPoint/80007646730

Also, check out the main Office page for more!
http://www.facebook.com/microsoftoffice

Cheers,
Kate
MSFT Office Outreach Team

Sun Aug 02, 09:26:00 PM PDT

Post a Comment

Subscribe to: Post Comments (Atom)