1

Can viewing and editing a potentially infected microsoft word document (with images inside) on a web-based platform like office online (OneDrive) infect my pc? How does the browser running on my machine display the content of the remotely uploaded document?

Anders
  • 64,406
  • 24
  • 178
  • 215
aleks1265
  • 33
  • 2

2 Answers2

1

As always, it depends, but viewing it online is much safer than viewing it in Microsoft Office installed on your machine.

There are two main ways a malicious office document can infect you: macros and exploits.

1. Macros

A macro is a program written in VBA that is embedded in an office document. This is the most common way of infection through office documents. Macros are not supported in office online, so they are not a cause for concern. Even if they are supported at some point in the future, the macros cannot directly do any harm since they will be operating inside the browser sandbox.

2. Exploits

An exploit targets a bug in a particular piece of software to perform some undesirable action that should not have been possible. Generally, the exploit only works against the software which it was designed to target, since only that software contains the corresponding bug/vulnerability. Which means that if the office document contains an exploit that targets MS Office, it will be completely ineffective when the document is opened in a browser.

While relatively unlikely, it is also possible that the document contains an exploit targeting the browser. In that aspect, opening the document is pretty much the same as clicking on a potentially malicious link. In other words, if you keep your browser updated and are not likely to be targeted by any sophisticated attackers or APTs, it is highly unlikely that opening the document in your browser will result in your machine being infected.

nobody
  • 11,251
  • 1
  • 41
  • 60
  • Thanks for an elaborate answer! So, in that case for an attack to be successful, a DOCX document would need to target a specific vulnerability in office online server software and then make it communicate with my browser in some malicious way in order to get to my pc an do something nasty? – aleks1265 Jan 10 '22 at 13:56
  • @amaramzi While it is possible that someone goes the route of first exploiting a flaw in the server and then your browser, it is also possible for the document to contain an exploit directly targeting your browser, without having to compromise the server first. In either case, it will need to exploit a vulnerability in your browser or OS, so keeping them updated will keep the risk of your PC getting infected very low. – nobody Jan 10 '22 at 15:47
1

Viruses targetting local Office installation should not cause harm to your system when you use Office Online because your browser only displays the image for an application running remotely.

That being said Office Online is now a rather common thing, and malware could start to target it directly. As usually, they would require a still unpatched flaw either on the remote system running the application, or or your local browser. I have no real world example of such a malware, but I would not blindly believe that nobody will ever create one...

And the mitagation is as usual to make sure to only use up to date software both on your local system and on the remote (if you have any control on that part...). And to have an up to date antivirus running on both systems.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84