Microsoft Advisory Warns of Vulnerabilities Affecting Office

Published: 23/11/2024   Category: security




The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.



Microsoft has published an advisory warning of multiple vulnerabilities in the Autodesk FBX library, which is integrated into some software including new versions of Microsoft Office. 
FBX is short for Filmbox, a file format used to save motion capture data, as well as video and audio streams. The proprietary format is owned by Autodesk and supported in Microsoft Office products including Microsoft Office 2019 and Office 365 ProPlus. Because the code to process these files comes from Autodesk, the latest versions of Office are exposed to six vulnerabilities disclosed in an Autodesk advisory announcing patches for CVE-2020-7080 to CVE-2020-7085.
These vulnerabilities are due to a range of different programming errors that often creep into code that handles complex data objects, namely: buffer overflow, type confusion, use after free, integer overflow and null pointer dereference, Sophos researchers explain in an analysis.

Five out of the six flaws disclosed are remote code execution vulnerabilities. These exist in Microsoft products that use the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these flaws could achieve the same rights as the local user, Microsoft explains in its advisory. To do this, they would have to send a specially crafted file containing 3D content and convince the recipient to open it.
As Sophos points out in its blog post, a victim won't necessarily see a prompt reading "do you want to download" before they open or preview a bad file. They would have to interact with the malicious content, but they wouldn't see a secondary warning that may raise a red flag.
Read Microsoft's full advisory here.