OffVis, the Microsoft Office Visualization Tool, has been designed to visualize the binary file formats doc, xls or ppt. While it has been primarily created for IT professionals and security researchers, it can have its uses for less tech savvy or security interested Office users.
The software requires the Microsoft .net Framework 2.0, but has no other dependencies besides that. Users can launch by clicking on OffVis.exe after unpacking the download to a local directory.
First step in the analysis of Office documents is to load a supported file format from the File menu.
OffVis displays the raw file contents on the left side. A parser can now be selected from the parser pull down menu to parse the document that has been loaded.
microsoft offvis office visualization tool
If you’d like to parse only at the OLESS layer, choose “Format Library.DLL: OLESSFormat”. If you’d like to attempt to parse the file as an Excel, PowerPoint, or Word file, select one of those parsers.
Parsing results are displayed on the right side, selecting an element will highlight it on the raw file contents side.
The interesting aspect of the software for all users is that it can detect malicious code. It will automatically display “definitely malicious” entries in the document, if any are found.
Office users can therefor use the Office Visualization Tool to analyze binary Office formats for malicious code before executing them on their system.
The program only detects known vulnerabilities that have been patched already. The following vulnerabilities are detected:
CVE-2006-0009, PowerPoint, MS06-012 (March 2006)
CVE-2006-0022, PowerPoint, MS06-028 (June 2006)
CVE-2006-2492, Word, MS06-027 (June 2006)
CVE-2006-3434, PowerPoint, MS06-062 (October 2006)
CVE-2006-3590, PowerPoint, MS06-048 (August 2006)
CVE-2006-4534, Word, MS06-060 (October 2006)
CVE-2006-4694, PowerPoint, MS06-058 (October 2006)
CVE-2006-5994, Word, MS07-014 (February 2007)
CVE-2006-6456, Word, MS07-014 (February 2007)
CVE-2007-0515, Word, MS07-014 (February 2007)
CVE-2007-0671, Excel, MS07-015 (February 2007)
CVE-2007-0870, Word, MS07-024 (May 2007)
CVE-2008-0081, Excel, MS08-014 (March 2008)
CVE-2008-4841, Word, MS09-010 (April 2009)
CVE-2009-0238, Excel, MS09-009 (April 2009)
CVE-2009-0556,PowerPoint, MS09-017 (May 2009)
It may even make sense to run the tool, even if all the security patches have been applied to the Office software. Why? Because it can provide valuable information about a sender or the origin of the document. The OffVis software is available via direct download from Microsoft.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Official Microsoft Office PDF PluginStudents: Get Microsoft Office Ultimate 2007 for $59
Microsoft Office Classic Menu Add-on
Microsoft Office Live Workspace Add-in
Microsoft Office Live Update