Evil Clippy is a tool for creating malicious Microsoft Office macros:

At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools.

The VBA stomping is the most powerful feature, because it gets around antivirus programs:

VBA stomping abuses a feature which is not officially documented: the undocumented PerformanceCache part of each module stream contains compiled pseudo-code (p-code) for the VBA engine. If the MS Office version specified in the _VBA_PROJECT stream matches the MS Office version of the host program (Word or Excel) then the VBA source code in the module stream is ignored and the p-code is executed instead. In summary: if we know the version of MS Office of a target system (e.g. Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

The term “p-code” doesn’t refer to “pseudo-code”. There is no sense in which it is “pseudo”. The term “pseudo-code” refers to any of a number of different notations such as “structured English”, used to quickly sketch out the shape of a program without bothering about the syntactical niceties of any particular language. The term “p-code” derives from the UCSD Pascal compiler, which compiled down not to machine code, but to a portable interpreted code. This was known as p-code, and could run on any machine for which there was a p-code interpreter (a virtual machine, in effect). Java works in much the same way; the compiler produces not machine code but “bytecode”, which supposedly runs anywhere where you have a JVM. But UCSD Pascal got there about three decades earlier. I don’t know whether Microsoft themselves refer to VBA object code as “p-code” or “pseudo-code”; if they do, then they are ignorant. But I suspect the problem is simply that the author of the blackhat article is not a native English speaker (I think he is Dutch), and probably was not born yet when UCSD Pascal was a thing.

Ĥ:15 it is a bit moot what is meant by “compiling to native code”. You refer to code that can be executed “by the OS”. That phrase highlights the fact that whatever object code is generated, it will likely depend on some library code that is OS-dependent. I would generally prefer to think of “native code” as what used to be called machine-code: code that could be executed directly by the hardware, without the help of any extra software. “Native” in that context can be taken to mean that if you are a different design of hardware, then you can’t execute that native code. That is, it’s not a matter of what OS is being considered. So much of the code we use nowadays comes from libraries, that it really doesn’t matter much whether the rest of it is machine-code or some kind of intermediate code like p-code or bytecode. Also, hardware is so fast, there’s not much advantage in compiling to machine-code (it’s cheaper to just add a few more cores).

Actually, even back in the days of Burroughs COBOL, I was shown how to hack the sixth pass of the compiler (whose output was a kind of intermediate code) to create programs that couldn’t be expressed in COBOL. You’d then run the seventh pass manually. You could do things like write device drivers in COBOL.

“… When we looked at scores for OSX applications, the Microsoft Office 2011 suite was at the bottom of its category, and the accompanying Microsoft AutoUpdate application was at the bottom of the whole OSX environment. Since then we’ve been asked how Office 2016 stacks up in comparison, and it provides an excellent example of hidden benefits of an upgrade, as it has a much better risk profile than the 2011 suite. Where the 2011 suite was mostly 32 bit files, largely without ASLR, the 2016 had all 64 bit files, all with ASLR.”