Zscaler’s ThreatLabz research team has found 117 unique vulnerabilities in Microsoft 365 applications after support for SketchUp (SKP) files was added by the tech giant.
Support for the SKP file format was introduced in Microsoft 365 in June 2022 as part of Office’s 3D component, to enable users to work with more types of 3D file formats when creating presentations and visualizing data.
The proprietary file format has been around since 2000, to store the necessary information for creating 3D models, and SketchUp has become one of the top architecture software packages in the world.
In Office, SKP files can be inserted by selecting ‘3D models’ in the ‘Insert’ menu and then selecting the desired file. Once inserted in Microsoft 365 apps, the files are parsed using specific APIs from the SketchUp SDK.
While analyzing the way Microsoft 365 parses the SKP files, Zscaler discovered that multiple SketchUp APIs and wrapper functions are invoked.
Through fuzzing, the team identified a total of 20 security defects, including heap buffer overflow, integer overflow, out-of-bounds write, stack buffer overflow, type confusion, and use-after-free issues.
Further investigation revealed that, if an image is embedded in the SKP file, the FreeImage third-party library is used to parse it.
FreeImage has not been updated since 2018, and, through fuzzing, Zscaler identified 97 unique vulnerabilities in it, which it then successfully reproduced in Microsoft 365.
An attacker would have needed to trick the targeted user into opening a specially crafted SketchUp file to exploit the vulnerabilities.
Microsoft issued three CVEs to track these vulnerabilities, namely CVE-2023-28285, CVE-2023-29344, and CVE-2023-33146, marking them as remote code execution (RCE) bugs, and released patches for them in April, May, and June.
However, Zscaler says they were able to successfully bypass the patches, which resulted in Microsoft temporarily disabling support for the SketchUp file format.