FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).
FILE-OFFICE Microsoft Office Excel remote code execution attempt
This event is generated when remote code execution is attempted in Microsoft Excel by exploiting a use-after-free (UAF) vulnerability.
Attempted User Privilege Gain
A use-after-free vulnerability exists when Microsoft Excel moves content from Protected Mode to Compatibility Mode. If an attacker can control the freed objects during the transition, it could lead to remote code execution.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-1026: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.