Signature Detail

HTTP: Microsoft Excel Null Pointer Exploit

This signature detects attempts to exploit a known vulnerability in the Microsoft Excel file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files. Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code. This BID will be updated and potentially split into separate records as further information is disclosed. UPDATE (Mar 14, 2006): Microsoft has released security advisory MS06-012 addressing this and other issues.

Affected Products

• Avaya Modular Messaging (MAS) 3.0.0
• Microsoft Excel 2000 SP2
• Microsoft Excel 2000 SP3
• Microsoft Excel 2000 SR1
• Microsoft Excel 2000
• Microsoft Excel 2001 for Mac
• Microsoft Excel 2002 SP1
• Microsoft Excel 2002 SP2
• Microsoft Excel 2002 SP3
• Microsoft Excel 2002
• Microsoft Excel 2003 SP1
• Microsoft Excel 2003
• Microsoft Excel 2004 for Mac
• Microsoft Excel 95
• Microsoft Excel 97 SR1
• Microsoft Excel 97 SR2
• Microsoft Excel 97
• Microsoft Excel 98 for Mac
• Microsoft Excel v.X
• Microsoft Excel x for Mac
• Microsoft Office Excel Viewer 2003
• Nortel Networks Enterprise Network Management System
• Nortel Networks IP softphone 2050
• Nortel Networks MCS 5100 3.0.0
• Nortel Networks MCS 5200 3.0.0
• Nortel Networks Optivity Telephony Manager (OTM)

References

• BugTraq: 15926
• BugTraq: 15780
• BugTraq: 18422
• CVE: CVE-2005-4131
• CVE: CVE-2006-0028
• CVE: CVE-2006-0031
• CVE: CVE-2009-0559
• CVE: CVE-2006-3086
• CVE: CVE-2006-3014
• CVE: CVE-2006-3431
• CVE: CVE-2006-1301
• CVE: CVE-2006-1306
• CVE: CVE-2006-3875
• CVE: CVE-2006-3059
• CVE: CVE-2006-0009
• CVE: CVE-2006-0030
• CVE: CVE-2006-1308