Fun Fact About the "new" Office File Format and Zip Bomb

2

This is nothing new to us, all the new Office file formats is now end with an extra x (ex. .doc become .docx, .xls become .xlsx etc). In 2007, Microsoft introduced a new file format for it’s Office suite with the release of Office 2007. But little you may know, the new file format is essentially just an extra zip compressed layer that was using the Open XML file format.

Zip Bomb

So this leads to the question what is a zip-bomb? And why all the new Office file might potentially vulnerable to such attack.

This topic just came to me recently, I found it to be interesting so dig a little deeper. A zip bomb, is basically a zip file seems to be a regular file, probably small, but when decompressing the file it will expand to an enormously large file that will exceed your total free disk space available for a system. For example, according to wikipedia

a Zip bomb is the file “42.zip” which is 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 gigabyte file for a total of 4.5 petabytes of uncompressed data.

We are talking about opening petabytes of files!

So how You can make a zip bomb?

If you are fascinated by the “clever” idea behind zip-bomb and would like to try it yourself there is an excellent thread from Stackoverflow on how you can make a zip bomb.

Now going back to the topic why all the new Office file format might be vulnerable to this. It should be obvious now, because of the new file format is essential a zip file, and we’ve mentioned any zip file can be potentially a threat to become a zip bomb.

Do you need to be worried about opening your Office document?

In short, no. You probably don’t need to worry about being attacked by such, because when you try to open such document via Office it will likely detect and give you a warning. (here are some example of zip-bomb Office Excel spreadsheet you can try it yourself, download here and here) In some case, the antivirus will scan the file and detects any malicious files too.

2012-07-10_0946

But in any case, you should be caution when decompressing any unknown zip files. It could paralysis your machine when you do.

2 COMMENTS

  1. Hi! I need to open a word file that has become a decompression bomb or zip bomb. I don’t know why that happened. I was working on it and suddenly Word closed the document. Now when I try to open it a message comes out and says it can’t be opened because there are problems with the contents. My virus scanner says its a zip bomb.

    Can you help me? Thank you

LEAVE A REPLY

Please enter your comment!
Please enter your name here