VRT Advisories

VRT Rules 2006-09-12

Sourcefire VRT Advisory

Date: 2006-09-12


The Sourcefire VRT has continued research into a vulnerability affecting Microsoft Office documents and has updated the DocCheck tool to process xls files to determine the presence of an exploit.

Note:The DocCheck tool has also been renamed to OfficeCat to reflect the more global nature of the problem.


Microsoft Security Advisory (925059)
Microsoft Word contains a programming error that can allow a remote attacker to run code of their choosing on an affected host system via the processing of a malformed .doc file.

The OfficeCat tool has been updated to process Microsoft Office files to determine if the file contains possible exploit code for this vulnerability.

DocCheck tool download

download zip archive here

Instructions for use

  1. Unzip the archive
  2. Open a command shell
  3. Execute the tool executable with a document name for checking

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.