SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt
This event is generated when a malicious Excel file that triggers a stack buffer overflow in Microsoft JET Database Engine is observed.
Impact: Potential Code Execution
Details: A malicious Excel file containing an invalid string length can allow an attacker to overwrite an adjacent global pointer. The resulting memcpy could allow for code execution.
Ease of Attack:
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2018-8392: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.