Microsoft OffVis, Office Visualization Tool

Martin Brinkmann
Aug 9, 2010
Updated • Jun 27, 2017
Microsoft Office, Software
|
1

OffVis, the Microsoft Office Visualization Tool, has been designed to visualize the binary file formats doc, xls or ppt. While it has been primarily created for IT professionals and security researchers, it can have its uses for less tech savvy or security interested Office users.

The software requires the Microsoft .net Framework 2.0, but has no other dependencies besides that. Users can launch the program by clicking on OffVis.exe after unpacking the download to a local directory.

First step in the analysis of Office documents is to load a supported file format from the File menu.

OffVis Office Visualization Tool

OffVis displays the raw file content on the left side. A parser can now be selected from the parser pull down menu to parse the document that has been loaded.

microsoft offvis office visualization tool
microsoft offvis office visualization tool

If you'd like to parse only at the OLESS layer, choose "Format Library.DLL: OLESSFormat". If you'd like to attempt to parse the file as an Excel, PowerPoint, or Word file, select one of those parsers.

Parsing results are displayed on the right side, selecting an element will highlight it on the raw file content side.

The interesting aspect of the software for all users is that it can detect malicious code. It will automatically display "definitely malicious" entries in the document, if any are found.

Office users can therefore use the Office Visualization Tool to analyze binary Office formats for malicious code before executing them on their system.

The program only detects known vulnerabilities that have been patched already. The following vulnerabilities are detected:

CVE-2006-0009, PowerPoint, MS06-012 (March 2006)
CVE-2006-0022, PowerPoint, MS06-028 (June 2006)
CVE-2006-2492, Word, MS06-027 (June 2006)
CVE-2006-3434, PowerPoint, MS06-062 (October 2006)
CVE-2006-3590, PowerPoint, MS06-048 (August 2006)
CVE-2006-4534, Word, MS06-060 (October 2006)
CVE-2006-4694, PowerPoint, MS06-058 (October 2006)
CVE-2006-5994, Word, MS07-014 (February 2007)
CVE-2006-6456, Word, MS07-014 (February 2007)
CVE-2007-0515, Word, MS07-014 (February 2007)
CVE-2007-0671, Excel, MS07-015 (February 2007)
CVE-2007-0870, Word, MS07-024 (May 2007)
CVE-2008-0081, Excel, MS08-014 (March 2008)
CVE-2008-4841, Word, MS09-010 (April 2009)
CVE-2009-0238, Excel, MS09-009 (April 2009)
CVE-2009-0556,PowerPoint, MS09-017 (May 2009)

It may even make sense to run the tool, even if all the security patches have been applied to the Office software. Why? Because it can provide valuable information about a sender or the origin of the document. The OffVis software is available via direct download from Microsoft.

Summary
software image
Author Rating
1star1star1star1stargray
5 based on 1 votes
Software Name
Microsoft OffVis
Operating System
Windows
Software Category
Office
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.