HTTP: Microsoft Excel for Asian Languages Style Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Excel. The flaw is caused by insufficient checks when handling the Style record of the document, resulting in a stack buffer overflow. An attacker can leverage this vulnerability by enticing a user to open a crafted Excel spreadsheet document, thereby injecting and executing arbitrary code. The vendor has released an updated security bulletin addressing this issue in the October 2006 patch release cycle.
In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to loss of data in cases where spreadsheet documents are open.
In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.
Extended Description
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
Affected Products
Microsoft Excel
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Microsoft
7.5