Critical System Protection

 View Only
Back to Library

MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow Exploitation and Prevention part-ii 

Feb 22, 2012 11:44 AM

In MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow Exploitation and Prevention part-i, I explained how to exploit MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow vulnerability in windows. In this part i will show you how to prevent exploitation of MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow vulnerability with Symantec Critical System Protection (SCSP). 

 

Prevention of MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
 
1) I logged into my SCSP Server. Click on Prevention Tab -->  Policies.
 
2) I create one policy named Excel Buffer Overflow Prevention to prevent Excel Buffer Overflow Vulnerability in Windows.
 
    
  
3) Right Click on Policy and Click Apply policy.
 
    
  
4) Select Agent and Click on Next. Now I am Appling a Prevention Policy on Our target machine.
 
    
    
5) SCSP Prevention is enabled on Windows XP machine.
 
    
 
6) Listner is already running on attacker machine to grab connections.
 
    
 
7) Our Victim tries to open secret.xlb file again with Excel.
 
    
 
8) SCSP detects and prevents the Buffer Overflow exploit to execute on our victim machine.
 
    
 
9) The Attacker didn't get session of Victim Machine.
 
    
 
So it's possible to prevent exploitation of MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow vulnerability with Symantec Critical System Protection (SCSP). 

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.