HTTP: Microsoft Excel Workbook Workspace Designation Handling Code Execution
This signature detects attempts to exploit a known memory corruption vulnerability in the way Microsoft Excel processes files. An attack targeting this can result in the injection and execution of code. If code execution is successful, the behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful attack, Excel terminates resulting in the loss of any unsaved data from the current session.
Extended Description
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls). Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.
Affected Products
Microsoft excel_2003
Short Name
HTTP:STC:DL:XLS-WORKSPACE-DES
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-3030 Code Designation Excel Execution Handling Microsoft Workbook Workspace bid:24803
Release Date
10/12/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
7.6