HTTP: Microsoft Windows Folder GUID Code Execution1
This signature detects attempts to exploit a known vulnerability in Microsoft Windows. The vulnerability is caused by an error during the handling of directories containing CLSID extensions. An attacker can exploit this vulnerability by enticing a user into executing a malicious HTA file via a specially crafted web page or file share. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.
Extended Description
Microsoft Excel is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products
Microsoft excel_2003
References
BugTraq: 42199
URL: http://www.coresecurity.com/content/core-2010-0407-excel-pivottable-cdr-overflow
Short Name
HTTP:MS-WIN-FOLDER-GUID-CE1
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Code Execution1 Folder GUID Microsoft Windows bid:42199
Release Date
10/07/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3710
False Positive
Unknown
Vendors
Microsoft