Check Point Advisories

Microsoft Excel Substream Parsing Integer Overflow (MS11-021; CVE-2011-0097)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-152
Date Published:	30 Apr 2012
Severity:	High
Last Updated:	Friday 19 April, 2024
Source:	CVE-2011-0097
Protection Provided by:	Security Gateway R75
Who is Vulnerable?	Microsoft Excel 2002 Service Pack 3 Microsoft Excel 2003 Service Pack 3 Microsoft Excel 2007 Service Pack 2 Microsoft Excel 2010 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 Microsoft Office Excel Viewer service pack 2 Microsoft Office for Mac 2004 Microsoft Office for Mac 2008 Microsoft Open XML File Format Converter for Mac
Vulnerability Description	A use-after-free vulnerability has been reported in Microsoft Excel.
Vulnerability Details	The vulnerability is due to a failure while processing certain records in 0x400-type substreams of BIFF files. A remote attacker may exploit this issue by enticing a target user to open a specially crafted Excel file. Successful exploitation would allow an attacker to execute arbitrary code on the target system with the security privileges of the target user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the Microsoft Excel Substream Parsing Integer Overflow (MS11-021) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Microsoft Excel substream parsing integer overflow (MS11-021)