Signature Detail

HTTP: Microsoft Excel Workspace Index Value Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in the way Microsoft Excel processes files. It is a result of insufficient data validation while processing an index value in a certain BIFF record. A remote attacker can exploit this by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful attack, the behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, Excel terminates resulting in the loss of any unsaved data from the current session.

Extended Description

Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls). Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

Affected Products

• Avaya customer_interaction_express_(cie)_user_interface 1.0
• Avaya customer_interaction_express_(cie)_user_interface 1.0.2
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Microsoft excel_2000 SP2
• Microsoft excel_2000 SP3
• Microsoft excel_2000 SR1
• Microsoft excel_2000
• Microsoft excel_2002 SP1
• Microsoft excel_2002 SP2
• Microsoft excel_2002 SP3
• Microsoft excel_2002
• Microsoft excel_2003 SP1
• Microsoft excel_2003 SP2
• Microsoft excel_2003
• Microsoft office_2004_for_mac
• Microsoft office_excel_viewer_2003

References

• BugTraq: 25280
• CVE: CVE-2007-3890