1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Excel Index Array Remote Code Exec

HTTP Excel Index Array Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a malformed Excel document which may result in remote code execution.

Additional Information

Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite.

Excel is prone to a remote code-execution vulnerability when parsing malformed 'FORMAT' records in Excel files. This issue occurs because the application fails to validate index array records in Excel files.
A specially crafted file with an out-of-bounds array index will cause Excel to write a byte to arbitrary locations in stack memory.

Attackers may exploit this issue by enticing victims into opening a malicious Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube