1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Excel DbOrParamQry Record Remote Code Exec

Web Attack: Excel DbOrParamQry Record Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects a vulnerability in Microsoft Excel which may result in remote code execution.

Additional Information

Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite.

Excel is prone to a remote code-execution vulnerability when parsing a specially crafted Excel ('.xls') file. This issue is triggered when the vulnerable application parses an '.xls' file containing a crafted 'DbOrParamQry' record.

Attackers can exploit this issue by enticing victims to open a malicious Excel file.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.


  • Microsoft Excel


The vendor has released an advisory and updates. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube