SMTP: Microsoft Office Excel Sheet Object Type Confusion
This signature detects attempts to exploit a known code execution vulnerability exists in Microsoft Office Excel. It is due to a memory corruption error when processing a malformed BoundSheet record in an Excel spreadsheet. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the target machine by enticing a user into opening a specially crafted Excel document. In a successful attack, the behavior of the target machine depends entirely on the logic of the injected code, which runs within the security context of the logged on user. In an unsuccessful attack, the vulnerable application can terminate abnormally.
Extended Description
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
Affected Products
Microsoft office_sharepoint_server
References
CVE: CVE-2010-0258
Short Name
SMTP:MAL:XLS-SHEET-OBJ
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2010-0258 Confusion Excel Microsoft Object Office Sheet Type
Release Date
12/21/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3675
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3