HTTP: Microsoft Excel Null Pointer Exploit
This signature detects attempts to exploit a known vulnerability in the Microsoft Excel file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files. Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code. This BID will be updated and potentially split into separate records as further information is disclosed. UPDATE (Mar 14, 2006): Microsoft has released security advisory MS06-012 addressing this and other issues.
Affected Products
Microsoft excel_97
Short Name
HTTP:STC:DL:XLS-NULL-PTR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-4131 CVE-2006-0009 CVE-2006-0028 CVE-2006-0030 CVE-2006-0031 CVE-2006-1301 CVE-2006-1306 CVE-2006-1308 CVE-2006-3014 CVE-2006-3059 CVE-2006-3086 CVE-2006-3431 CVE-2006-3875 CVE-2009-0559 Excel Exploit Microsoft Null Pointer bid:15780 bid:15926 bid:18422 bid:18583
Release Date
10/04/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3730
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3
7.5
6.8
5.1