Signature Detail

HTTP: Microsoft Office Excel Chart Object Memory Corruption

This signature detects attempts to exploit a known vulnerability in Microsoft Office Excel. It is due to the way the product parses Excel documents, allowing for memory corruption. Remote attackers can exploit this by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user.

Extended Description

Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected Products

• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server 4
• Avaya messaging_application_server 5
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft excel_2002 SP1
• Microsoft excel_2002 SP2
• Microsoft excel_2002 SP3
• Microsoft excel_2002
• Microsoft excel_2003 SP1
• Microsoft excel_2003 SP2
• Microsoft excel_2003 SP3
• Microsoft excel_2003
• Microsoft excel_2007 SP1
• Microsoft excel_2007 SP2
• Microsoft excel_2007
• Microsoft excel_viewer SP1
• Microsoft excel_viewer SP2
• Microsoft excel_viewer
• Microsoft office_2004_for_mac
• Microsoft office_2008_for_mac
• Microsoft office_compatibility_pack_2007 SP1
• Microsoft office_compatibility_pack_2007 SP2
• Microsoft office_compatibility_pack_2007
• Microsoft open_xml_file_format_converter_for_mac

References

• BugTraq: 40521
• BugTraq: 40520
• CVE: CVE-2010-0823
• CVE: CVE-2010-0822