Signature Detail

HTTP: Microsoft Excel Null Pointer Exploit

This signature detects attempts to exploit a known vulnerability in the Microsoft Excel file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files. Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code. This BID will be updated and potentially split into separate records as further information is disclosed. UPDATE (Mar 14, 2006): Microsoft has released security advisory MS06-012 addressing this and other issues.

Affected Products

• Avaya modular_messaging_(mas) 3.0.0
• Microsoft excel_2000 SP2
• Microsoft excel_2000 SP3
• Microsoft excel_2000 SR1
• Microsoft excel_2000
• Microsoft excel_2001_for_mac
• Microsoft excel_2002 SP1
• Microsoft excel_2002 SP2
• Microsoft excel_2002 SP3
• Microsoft excel_2002
• Microsoft excel_2003 SP1
• Microsoft excel_2003
• Microsoft excel_2004_for_mac
• Microsoft excel_95
• Microsoft excel_97 SR1
• Microsoft excel_97 SR2
• Microsoft excel_97
• Microsoft excel_98_for_mac
• Microsoft excel_v.x
• Microsoft excel_x_for_mac
• Microsoft office_excel_viewer_2003
• Nortel_networks enterprise_network_management_system
• Nortel_networks ip_softphone_2050
• Nortel_networks mcs_5100 3.0.0
• Nortel_networks mcs_5200 3.0.0
• Nortel_networks optivity_telephony_manager_(otm)

References

• BugTraq: 15780
• BugTraq: 15926
• BugTraq: 18422
• BugTraq: 18583
• CVE: CVE-2005-4131
• CVE: CVE-2006-0009
• CVE: CVE-2006-0028
• CVE: CVE-2006-3014
• CVE: CVE-2006-1306
• CVE: CVE-2006-3086
• CVE: CVE-2006-3431
• CVE: CVE-2006-3059
• CVE: CVE-2006-0030
• CVE: CVE-2009-0559
• CVE: CVE-2006-0031
• CVE: CVE-2006-1308
• CVE: CVE-2006-3875
• CVE: CVE-2006-1301