Check Point Advisories

Microsoft Office Excel Record Type Confusion (MS11-045; CVE-2011-1273)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-162
Date Published:	30 Apr 2012
Severity:	High
Last Updated:	Tuesday 23 April, 2024
Source:	CVE-2011-1273
Protection Provided by:	Security Gateway R75
Who is Vulnerable?	Microsoft Office Excel 2002 Service Pack 3 Microsoft Office Excel 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office Excel 2010 Microsoft Excel Viewer Service Pack 2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 Microsoft Open XML File Format Converter for Mac
Vulnerability Description	A remote code execution vulnerability has been reported in Microsoft Office Excel.
Vulnerability Details	The vulnerability is due to improper parsing of certain records leading to type confusion while handling specially crafted Excel files. A remote attacker may exploit this issue by convincing a target user to open a specially crafted Excel file with an affected version of Excel. Successful exploitation would allow an attacker to take complete control of the target system.

Protection Overview

This protection will detect and block the transferring of malformed Excel files over HTTP.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the Microsoft Office Excel Record Type Confusion (MS11-045) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Microsoft Office Excel Record Type Confusion (MS11-045)