The Microsoft Office Visualization Tool (OffVis) – Spelunk (view, browse, peek into, etc) Microsoft Office Binary Format files
Version: 1.0 Date Published: 7/27/2009 Language: English Download Size: 421 KB - 842
The Microsoft Office Visualization Tool (OffVis) allows IT professionals, security researchers and malware protection vendors to better understand the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks. The unique, easy-to-use tool offers a comprehensive view of any Microsoft Office binary file format sample simply by hovering a cursor over it. The tool then graphically shows important data structures and records for Microsoft Office Word, Microsoft Office PowerPoint and Microsoft Office Excel. Users can then browse and click through each record.
From the above fact sheet:
About the Microsoft Office Visualization Tool
…Microsoft then offered OffVis to participants of MAPP to test. Now, MAPP partners and virus analysts use it to visualize and understand vulnerabilities, and it has helped them write detection signatures for their products. Security researchers and IT administrators now also will be able to use it to further understand file formats and identify relevant areas to invest their efforts. The tool is able to parse the complete file format and also directly identify recent publicly exploited vulnerabilities using the Common Vulnerabilities and Exposures list.
The tool is available for download at http://go.microsoft.com/fwlink/?LinkId=158791
This is a very cool tool to allow interested parties to spelunk into Microsoft Office binary files (Word/doc, Excel/xls, PowerPoint/ppt). This is a step beyond just a hex view, but instead understands and can parse the Microsoft Office binary file formats and structures.
No install required, just unzip it and run OffVis.exe (Got to love XCopy deployment’s ;)
Related Past Post XRef:
Microsoft Office (DOC, XLS, PPT) Binary File Format Specifications Released – We’re talking the full technical specification… (The [MS-DOC].pdf alone is 553 pages of very dense specification information)
DOC, XLS and PPT Binary File Format Specifications Released (plus WMF, Windows Compound File [aka OLE 2.0 Structured Storage] and Ink Serialized Format Specifications and Translator to XML news)
Microsoft Office Binary File Format Specifications Coming to a Download Near You...