HTTP: Microsoft Excel Sheet Name Memory Corruption
A memory corruption vulnerability has been reported in In an attack case where code injection is not successful, the Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.
Extended Description
Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to execute arbitrary code, but this has not been confirmed. Excel 2000 and 2003 are vulnerable; other versions may also be affected.
Affected Products
Microsoft excel_2003
Short Name
HTTP:STC:DL:XLS-SHEET-NAME
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-3490 Corruption Excel Memory Microsoft Name Sheet bid:24691
Release Date
10/12/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5