OffVis

From aldeid

Description

The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps analysts understand the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks.

Installation

OffVis is intended to be installed on a Windows machine. It can be downloaded from the following link: http://go.microsoft.com/fwlink/?LinkId=158791

Usage

Open your document

Open the document you wish to analyze using the menu: "File > Open Data file..."

Select the appropriate parser

Depending on the document format you're analyzing, you can choose between the following parsers:

Once you've selected a parser, click on the "Parse" button.
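When a sample's extension is missing or untrustworthy, the format family can be read from the container itself before a parser is chosen. The following is an added example, not part of the original page or of OffVis: the function names and sample bytes are constructed for illustration, and it scans only the first directory sector of the compound file instead of following the full sector chain.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
# Main stream name found in each legacy Office binary format.
STREAM_TO_FORMAT = {
    "WordDocument": "doc",
    "Workbook": "xls",
    "Book": "xls",  # older Excel versions
    "PowerPoint Document": "ppt",
}

def office_binary_format(data):
    """Return 'doc', 'xls', 'ppt', 'unknown-cfb', or None if not a compound file."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return None
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    (first_dir,) = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):  # 512- or 4096-byte sectors only
        return None
    size = 1 << sector_shift
    start = (first_dir + 1) * size  # sector 0 begins right after the header
    sector = data[start:start + size]
    # Simplification: only the first directory sector is scanned.
    for off in range(0, len(sector) - 127, 128):
        name_len, obj_type = struct.unpack_from("<HB", sector, off + 64)
        if obj_type != 2 or not 2 <= name_len <= 64:  # 2 = stream object
            continue
        name = sector[off:off + name_len - 2].decode("utf-16-le", "replace")
        if name in STREAM_TO_FORMAT:
            return STREAM_TO_FORMAT[name]
    return "unknown-cfb"

def _dir_entry(name, obj_type):
    """Build one 128-byte directory entry (constructed test data)."""
    raw = (name + "\0").encode("utf-16-le")
    return raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), obj_type) + bytes(61)

def build_sample(stream_name):
    """Constructed minimal container: header plus one directory sector."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 30, 9)  # 512-byte sectors
    struct.pack_into("<I", header, 48, 0)  # directory starts at sector 0
    directory = _dir_entry("Root Entry", 5) + _dir_entry(stream_name, 2)
    return bytes(header) + directory.ljust(512, b"\0")

if __name__ == "__main__":
    for stream in ("WordDocument", "Workbook", "PowerPoint Document"):
        print(stream, "->", office_binary_format(build_sample(stream)))
```

A result of `None` means the file is not a compound file at all, for example an OOXML (.docx) ZIP archive, which falls outside the binary formats this page covers.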

Analyze your document

Notice that OffVis identifies that the document is malicious (CVE-2008-0081). A quick search on the Internet (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081) helps identify the impacted version:
