Signature Detail

HTTP: Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Office Excel. It is due to a flaw while parsing DbOrParamQry records. Remote attackers can exploit this by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In a successful attack, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the logic of the malicious code. In an unsuccessful attack, the vulnerable application can terminate.

Extended Description

Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected Products

• Microsoft Excel 2002 SP1
• Microsoft Excel 2002 SP2
• Microsoft Excel 2002 SP3
• Microsoft Excel 2002
• Microsoft Excel 2004 for Mac
• Microsoft Excel 2008 for Mac
• Microsoft Open XML File Format Converter for Mac

References

• BugTraq: 38555
• CVE: CVE-2010-0264