HTTP MS Excel Unicode HLINK BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Microsoft Excel.

Additional Information

Microsoft Excel is prone to a memory corruption vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer.

This issue is triggered with Excel files containing excessively long URIs in spreadsheets. If a user clicks on one of these links, a memory buffer will be overrun with the Unicode representation of the URI.

Successfully exploiting this issue causes the affected application to crash, denying service to legitimate users. It may also allow attackers to execute arbitrary code in the context of targeted users, but this has not been confirmed.

It should be noted that Microsoft Office applications include functionality to embed Office files as objects contained in other Microsoft Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.

Microsoft Excel versions 2002 SP3 and 2003 SP2 are vulnerable to this issue; other versions may also be affected.
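A defender can triage spreadsheets for the condition described above by walking the BIFF records of the workbook stream and flagging unusually large HLINK records. The following is an added example, not Symantec's signature logic; it assumes the Workbook stream has already been extracted from the OLE container, and the size threshold and the helper names are hypothetical.

```python
import struct

HLINK = 0x01B8          # BIFF8 HLINK record type
MAX_HLINK_BYTES = 2048  # assumed triage threshold, not taken from the signature


def iter_records(stream):
    """Yield (offset, record_type, payload_size) for each BIFF record."""
    pos = 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError(f"truncated record header at offset {pos}")
        rtype, size = struct.unpack_from("<HH", stream, pos)
        if pos + 4 + size > len(stream):
            raise ValueError(f"record at offset {pos} overruns the stream")
        yield pos, rtype, size
        pos += 4 + size


def oversized_hlinks(stream, limit=MAX_HLINK_BYTES):
    """Return [(offset, payload_size)] for HLINK records larger than limit."""
    return [(off, size) for off, rtype, size in iter_records(stream)
            if rtype == HLINK and size > limit]


def rec(rtype, payload):
    """Build one BIFF record: little-endian type, length, then payload."""
    return struct.pack("<HH", rtype, len(payload)) + payload


# Constructed sample stream (zero-filled payloads): BOF, a normal-sized HLINK,
# an oversized HLINK, EOF.
SAMPLE = (rec(0x0809, b"\x00" * 16) + rec(HLINK, b"\x00" * 120)
          + rec(HLINK, b"\x00" * 4000) + rec(0x000A, b""))

if __name__ == "__main__":
    for off, size in oversized_hlinks(SAMPLE):
        print(f"HLINK record at offset {off}: {size} bytes, review before opening")
```

A stream that raises `ValueError` is malformed and is worth quarantining for review in its own right.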

Affected

  • Microsoft Excel 2002 SP3
  • Microsoft Excel 2003 SP2

Response

Currently there are no known patches or workarounds for this vulnerability. It is recommended that users upgrade to the latest version of the application, and contact the vendor for more details.