HTTP: Microsoft Excel REPT Function Integer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Excel product. It is due to improper parsing of Excel documents containing specially crafted REPT function. Remote attackers can exploit this by enticing target users to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful attack, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the vulnerable application can terminate as a result of memory corruption. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.
Extended Description
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products
Microsoft excel_viewer
Short Name
HTTP:STC:DL:XLS-REPT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-4019 Excel Function Integer Microsoft Overflow REPT bid:31706
Release Date
10/15/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3718
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3