HTTP: Microsoft Excel FORMAT Record Array Index Memory Corruption

There exists a code execution vulnerability in Microsoft Excel. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Extended Description

Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application.

Affected Products

Avaya messaging_application_server,Microsoft office_2008_for_mac

Short Name
HTTP:STC:DL:XLS-FORMAT-ARRAY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Array CVE-2008-3005 Corruption Excel FORMAT Index Memory Microsoft Record bid:30639
Release Date
10/13/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Avaya

Microsoft

CVSS Score

9.3

Found a potential security threat?