Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:XLS-AXISPARENT |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Excel Axisparent Record Index Handling Code Execution |
Release Date |
2010/10/12 |
Update Number |
1790 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Excel Axisparent Record Index Handling Code Execution
This signature detects an attempt to exploit a known code execution vulnerability in Microsoft Excel. In a successful attack where arbitrary code is attempted to be injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the application can terminate. If unexpected application termination is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data.
Extended Description
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.
Affected Products
- Avaya messaging_application_server MM 1.1
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Avaya messaging_application_server
- Microsoft excel_2002 SP3
- Microsoft excel_2003 SP2
- Microsoft excel_2003 SP3
- Microsoft office_2000 SP3
- Microsoft office_2004_for_mac
- Microsoft office_2008_for_mac
- Microsoft office_excel_viewer_2003
References
- BugTraq: 30638
- CVE: CVE-2008-3004