Signature Detail

HTTP: Microsoft Office Excel Binary Format Parsing Integer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Excel. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Excel is prone to an integer-overflow vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected Products

• Microsoft excel_2000 SP2
• Microsoft excel_2000 SP3
• Microsoft excel_2000 SR1
• Microsoft excel_2000
• Microsoft excel_2000
• Microsoft excel_2002 SP1
• Microsoft excel_2002 SP2
• Microsoft excel_2002 SP3
• Microsoft excel_2002
• Microsoft excel_2003 SP1
• Microsoft excel_2003 SP2
• Microsoft excel_2003 SP3
• Microsoft excel_2003
• Microsoft excel_2004_for_mac
• Microsoft excel_2007 SP1
• Microsoft excel_2007 SP2
• Microsoft excel_2007
• Microsoft excel_2008_for_mac
• Microsoft excel_viewer SP3
• Microsoft excel_viewer
• Microsoft office_compatibility_pack_2007 SP1
• Microsoft office_compatibility_pack_2007 SP2
• Microsoft office_compatibility_pack_2007
• Microsoft office_excel_viewer_2003 SP3
• Microsoft office_excel_viewer_2003
• Microsoft open_xml_file_format_converter_for_mac
• Microsoft sharepoint_server_2007 SP1
• Microsoft sharepoint_server_2007 SP2
• Microsoft sharepoint_server_2007
• Microsoft sharepoint_server_2007_x64 SP1
• Microsoft sharepoint_server_2007_x64 SP2
• Microsoft sharepoint_server_2007_x64

References

• BugTraq: 35245
• CVE: CVE-2009-0561