Microsoft Office Binary File Format Validation

  • Article

Many of you are aware that Microsoft Office 2010 shipped with a feature called Office File Validation that validated untrusted binary file formats (BFF) upon load by the application. This feature increased application security and provided users with an opportunity to opt out of opening a potentially dangerous file. The Office File Validation feature will soon be a part of the Office 2003 and Office 2007 product set. You can read more about the Office 2010 File Validation experience on the Office 2010 Engineering Blog and about what to expect in the Office 2003 and 2007 products on the Office Sustained Engineering blog. The user experience will slightly vary from Office 2010 to the previous Office products, however the basic functionality is the same. It validates the binary file and presents users with either a notice via Protected View (Office 2010) or via a pop-box (Office 2003 and 2007) if the file fails validation.

We know many customers are leveraging the Microsoft Open Specifications to craft, modify, or debug their or someone else’s BFF implementation. Understanding why files failed validation can often be very challenging and difficult to determine. Shortly after the release of Office 2010, we received many questions from BFF implementers asking us why they are encountering validation errors in the new product. Office File Validation is the answer. As we increase the scope of Office File Validation with the 2003 and 2007 backport we expect to hear from more customers trying to understand why their BFF file didn’t pass validation. The intention of Office File Validation is to prevent malicious files from opening, not provide in depth debugging information, in fact it is essentially just a Boolean function that either passes or fails the file. Developing BFF files is a complex process that requires strict attention to detail and deep understanding of the Microsoft Open Specifications.

In an effort to help simplify the BFF development experience and provide more insight into why the file failed validation, the Office Interoperability team will soon release a tool called the “Microsoft Office Binary File Format Validator” (BFFValidator for short) to the Microsoft download center. BFFValidator is a very simple command line tool that will assist in the debug of the .doc, .xls, and .ppt BFF files. As with Office File Validation, BFFValidator is based off the Microsoft Open Specifications. We are targeting to release this tool before April and I will be sure to keep the blog up to date with new information about the tool and its availability. Stay tuned.