Signature Detail

HTTP: Microsoft Office Drawing Object Code Execution

This signature detects attempts to exploit a known vulnerability against multiple Microsoft Office applications. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Office is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing a victim into opening a malicious Office file. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

Affected Products

• Avaya Customer Interaction Express (CIE) User Interface 1.0
• Avaya Messaging Application Server
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2000
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003
• Microsoft Office 2004 for Mac
• Microsoft Office 2007
• Microsoft Office Compatibility Pack 2007
• Microsoft Office Excel Viewer 2003
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Office XP

References

• BugTraq: 23826
• CVE: CVE-2007-1747