Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Microsoft Office File Malformed String Parsing Buffer Overflow (MS06-038; CVE-2006-1540) - ver 2


Check Point Reference: CPAI-2013-3726
Date Published:
Industry Reference(s): CVE-2006-1540
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
Microsoft Access 2000
Microsoft Access 2002
Microsoft Access 2003
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft FrontPage 2000
Microsoft FrontPage 2002
Microsoft FrontPage 2003
Microsoft InfoPath 2003
Microsoft OneNote 2003
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft Project 2000
Microsoft Project 2002
Microsoft Project 2003
Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Publisher 2003
Microsoft Visio 2002
Microsoft Visio 2003
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
Vulnerability Description
A memory corruption vulnerability has been reported in several Microsoft Office applications.
Vulnerability Details
The vulnerability can be exploited via a malformed string included in an Office file. Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution.

Protection Overview
This protection will detect and block the transferring of malformed Office files over HTTP.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft Office File Malformed String Parsing Buffer Overflow (MS06-038) - ver 2 protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Microsoft Office File Malformed String Parsing Buffer Overflow (MS06-038) - ver 2