SID 1:27634

Rule Category

FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).

Alert Message

FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt

Rule Explanation

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. Impact: CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: CVE-2006-1308: Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. CVE-2008-0320: Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. Recommendation: Upgrade to the latest non-affected version of the software. Apply the appropriate vendor supplied patches. Ease of Attack:

What To Look For

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].