SID 1:49182

Report a false positive

Rule Category

FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).

Alert Message

FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt

Rule Explanation

This event is generated when a malformed Publisher document designed to exploit MS Publisher is detected Impact: Attempted User Privilege Gain Details: The vulnerability is caused by the application using size values in OplTc records without checking their calculated sizes are within the defined izes in the parent container which are used to allocate storage. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2011-3410

Additional Links

technet.microsoft.com/en-us/security/bulletin/MS11-091

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2011-3410
 Loading description