1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Excel Pivot Table RCE

Web Attack: Excel Pivot Table RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a remote code execution vulnerability in Microsoft Excel by sending specially crafted Excel File

Additional Information

Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite.

Excel is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input. Parsing a 'PivotTable Cache Data' record (offset C6h) in a crafted Excel file can trigger a stack-based buffer-overflow error. Specifically, if the record's 'cfdbTot' attribute is set to '0', an invalid pointer will cause memory to become corrupted.

Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected

  • Microsoft Excel

Response

The vendor has released an advisory and updates. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube