This post explains this flaw and how to protect a PC against attacks.

Then attackers use an unpacker such as WinRAR to unpack the document and extract the file document.xml.

Next, attackers can replace the iframe code of that XML file with a malicious payload.

This method is used for phishing.

This logic bug surfaces when a user embeds a video via the online video feature.

It resides in the document.xml file, where a parameter called embeddedHtml holds the YouTube iframe code.

Finally, changing the embeddedHtml parameter in the document.xml file turns out to be quite simple.

According to Cymulate, the document will show the embedded online video with a link to YouTube.

It is said that this bug potentially affects Microsoft Office 2016 and older versions of the software suite.

Microsoft has responded that the product is properly interpreting HTML as designed.
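Because the change lives in the embeddedHtml parameter of document.xml, a mail gateway or triage script can inspect that value before a document is opened. The following is an added example, not code from Cymulate or Microsoft: it flags any embeddedHtml value that is more than a single iframe pointing at an allow-listed video host. The host allow-list, the function names and the sample input are assumptions made for illustration.

```python
import html
import io
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a genuine online-video iframe may load from.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "www.youtube-nocookie.com"}
ATTR_RE = re.compile(r'embeddedHtml\s*=\s*(["\'])(.*?)\1', re.S)

class EmbedAudit(HTMLParser):
    """Collects anything in the embedded HTML beyond one allow-listed iframe."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            self.findings.append(f"unexpected <{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler '{name}' on <{tag}>")
            elif name in ("src", "href"):
                url = urlparse(value or "")
                if url.scheme not in ("", "http", "https") or \
                        (url.hostname or "").lower() not in ALLOWED_HOSTS:
                    self.findings.append(f"{name} outside allow-list: {value!r}")

def scan_docx(data: bytes) -> list:
    """Return findings for every embeddedHtml value in any document.xml part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for part in archive.namelist():
            if not part.endswith("document.xml"):
                continue
            xml = archive.read(part).decode("utf-8", "replace")
            for match in ATTR_RE.finditer(xml):
                audit = EmbedAudit()
                audit.feed(html.unescape(match.group(2)))  # value is XML-escaped HTML
                audit.close()
                findings.extend(audit.findings)
    return findings

def make_sample(embedded_html: str) -> bytes:
    """Constructed test input: a zip with a minimal, non-Word document.xml."""
    xml = f'<doc><video embeddedHtml="{html.escape(embedded_html)}"/></doc>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", xml)
    return buf.getvalue()
```

An empty result means every embeddedHtml value was a plain iframe on an allow-listed host; any finding is a reason to quarantine the file for review.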