Microsoft Office Excel Vulnerabilities
 |
 |
 |
 |
 |
(MS10-017)
Multiple vulnerabilities have been identified in Microsoft Excel, the popular spreadsheet in the Microsoft Office suite. A remote attacker could exploit these issues via a malformed Excel file.
These vulnerabilities are reported to affect Microsoft Excel running on Windows and are due to errors in Excel which fail to properly parse the Excel spreadsheet file format. By persuading a user to open a maliciously-crafted, malformed file, an attacker can take complete control of an affected system. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target system. All vulnerabilities are rated High.
| Vulnerability | CVE Reference | To trigger the vulnerability, a user will need to view a.. | Check Point Protection |
|---|---|---|---|
| Microsoft Excel DbOrParamQry Record Parsing | CVE-2010-0264 | crafted Excel spreadsheet file that includes a malformed DbOrParamQry record. | CPAI-2010-047 |
| Excel XLSX File Parsing | CVE-2010-0263 | crafted XLSX file. | CPAI-2010-046 |
| Microsoft Excel FNGROUPNAME Record | CVE-2010-0262 | crafted Excel spreadsheet that includes a malformed FNGROUPNAME record. | CPAI-2010-045 |
| Microsoft Excel MDXTUPLE and MDXSET Records | CVE-2010-0260 CVE-2010-0261 |
crafted Excel spreadsheet that includes a malformed MDXTUPLE or MDXSET record. | CPAI-2010-043 |
| Microsoft Excel Sheet Object Type Confusion | CVE-2010-0258 | crafted Excel spreadsheet file that includes a malformed BRAI or BIFF record. | CPAI-2010-042 |
| Microsoft Excel EntExU2 Record | CVE-2010-0257 | crafted Excel spreadsheet file that includes a malformed EntExU2 record. | CPAI-2010-041 |
Check Point provides immediate protection against exploits that use these vulnerabilities through its integrated and dedicated IPS offerings. Check Point SmartDefense, IPS Software Blade, and IPS-1 detect and block the transferring of malformed Excel files over HTTP.