Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt

Rule Explanation

This event is generated when a malicious excel file that triggers a stack buffer overflow in Microsoft JET Database Engine is observed. Impact: Potential Code Execution Details: A malicious Excel file containing an invalid string length can allow an attacker to overwrite an adjacent global pointer. The resulting memcpy could allow for code execution. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2018-8392
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.
Details
Severity Base Score7.8
Impact Score5.9 Exploit Score1.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorLOCAL
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessLOW
Privileges RequiredNONE