Result: VBA 및 OOXML의 악성 실행 메커니즘 구현.

Microsoft Office documents are exploited as sophisticated system infiltration vectors through two distinct attack paradigms. The first is the Imperative Attack paradigm of Visual Basic for Applications (VBA), and the second is the Declarative Attack paradigm of Office Open XML (OOXML). This paper provides an in-depth analysis of the mechanisms underlying these two core attack vectors and implements and compares them through empirical experimentation. The experimental results confirmed that Imperative attacks, including Auto-Run mechanisms and Command Usurping techniques, are effectively controlled by ‘Macro Blocking’ policies. Conversely, Declarative attacks— such as Remote Template insertion and OLE (Object Linking and Embedding) object insertion—were shown to bypass vbaProject.bin analysis and macro-based warning mechanisms and to directly invoke the OS Shell. These findings indicate that analyzing Imperative attacks alone is insufficient to defend against Declarative attacks. Accordingly, this study suggests that establishing practical defensive capability requires a comprehensive strategy that includes not only VBA imperative code analysis but also the declarative structural analysis of OOXML, which is essential for practice-oriented security education. [ABSTRACT FROM AUTHOR]

Copyright of Journal of Internet Computing & Services is the property of Korean Society for Internet Information and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)