HTTP: Microsoft Office Excel MDXSET Record Heap Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Office Excel. It is due to a flaw while parsing MDXSET records. Remote attackers can exploit this by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In a successful attack, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the logic of the malicious code. In an unsuccessful attack, the application can terminate abnormally.
Extended Description
Microsoft Excel is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products
Microsoft excel_viewer
Short Name
HTTP:STC:DL:XLS-MDSXET-REC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2010-0261 Excel Heap MDXSET Microsoft Office Overflow Record bid:38551
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3