Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:XLS-FEATHEADER |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Excel Featheader Record Memory Corruption |
Release Date |
2010/10/14 |
Update Number |
1792 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Office Excel Featheader Record Memory Corruption
This signature detects attempts to exploit a known code execution vulnerability in Microsoft Office Excel products. It is due to the way that Microsoft Office Excel handles specially crafted Excel files. In a successful attack, the behavior of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the vulnerable application terminates abnormally.
Extended Description
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products
- Microsoft excel_2002 SP1
- Microsoft excel_2002 SP2
- Microsoft excel_2002 SP3
- Microsoft excel_2003 SP1
- Microsoft excel_2003 SP2
- Microsoft excel_2003 SP3
- Microsoft excel_2003
- Microsoft excel_2007 SP1
- Microsoft excel_2007 SP2
- Microsoft excel_2007
- Microsoft excel_viewer SP1
- Microsoft excel_viewer SP2
- Microsoft office_2004_for_mac
- Microsoft office_2008_for_mac
- Microsoft office_compatibility_pack_2007 SP1
- Microsoft office_compatibility_pack_2007 SP2
- Microsoft office_compatibility_pack_2007
- Microsoft office_excel_viewer_2003 SP3
- Microsoft office_excel_viewer_2003
- Microsoft open_xml_file_format_converter_for_mac
References
- BugTraq: 36945
- CVE: CVE-2009-3129