Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:XLS-SHEET-NAME

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Excel Sheet Name Memory Corruption

Release Date

 2010/10/12

Update Number

 1790

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Excel Sheet Name Memory Corruption


A memory corruption vulnerability has been reported in In an attack case where code injection is not successful, the Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Extended Description

Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to execute arbitrary code, but this has not been confirmed. Excel 2000 and 2003 are vulnerable; other versions may also be affected.

Affected Products

  • Microsoft Excel 2000 SP2
  • Microsoft Excel 2003 SP2

References

  • BugTraq: 24691
  • CVE: CVE-2007-3490

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out