Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Check Point IPS Protects Against Seven Microsoft Excel Vulnerabilities


( Microsoft Security Bulletin MS11-045 )

Summary


Seven remote code execution vulnerabilities have been discovered in Microsoft Excel. A remote attacker could exploit any of these issues to take complete control of a targeted system.

Details


Remote code execution vulnerabilities exist in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploits any of these vulnerabilities could take complete control of a targeted system. The attacker could then install programs; view, change, or delete data; and/or create new accounts with full user rights.

Affected Products


The following products are affected by one or more of these vulnerabilities:
  • Microsoft Excel 2002 Service Pack 3
  • Microsoft Excel 2003 Service Pack 3
  • Microsoft Excel 2007 Service Pack 2
  • Microsoft Excel 2010 (32-bit editions)
  • Microsoft Excel (64-bit editions)
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Microsoft Office for Mac 2011
  • Open XML File Format Converter for Mac
  • Microsoft Excel Viewer Service Pack 2
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Solution


The Check Point IPS Software Blade provides immediate network protection against all of these issues in the latest IPS update by detecting and blocking transferal of malformed Excel and SLK files via HTTP. The following table lists each vulnerability with its severity as well as the associated CVE reference and Check Point Protection.

Microsoft Excel VulnerabilitySeverity Industry Reference Check Point Protection
Memory Heap Overwrite Critical CVE-2011-1275 CPAI-2011-286
Insufficient Record Validation High CVE-2011-1272 CPAI-2011-287
SLK File Parsing code execution Critical CVE-2011-1276 CPAI-2011-289
SELECTION Record Out of Boundary Critical CVE-2011-1277 CPAI-2011-291
XF BIFF Record Out of Boundary Critical CVE-2011-1279 CPAI-2011-292
Series Integer Underflow High CVE-2011-1278 CPAI-2011-293
SerAuxTrend Record RCE Critical CVE-2011-1274 CPAI-2011-307


 

Originally Published:

Last Updated: 14-Jun-2011

Legal Notice for Threat Center Advisories