Check Point Advisories

Microsoft Excel Sheet Name Memory Corruption - Ver2 (CVE-2007-3490)

Check Point Reference: CPAI-2015-0354
Date Published: 26 Mar 2015
Severity: High
Last Updated: 26 Mar 2015
Industry Reference:CVE-2007-3490
Protection Provided by:

Security Gateway
R77, R76, R75

Who is Vulnerable?
Vulnerability Description Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents is known as the Binary Interchange File Format (BIFF), with different versions of the application supporting different versions of the format. The common extension used for Microsoft Excel documents is .xls. A memory corruption vulnerability has been reported in Microsoft Excel. The vulnerability is due to the way Microsoft Excel parses malicious XLS files containing a specially crafted sheet name. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted XLS file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In an attack case where code injection is not successful, the Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated,
update your Security Gateway product to the latest IPS update.

For information on how to update IPS, go to

Protection tab and select the version of your choice.

Security Gateway R77 / R76 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Microsoft Excel Sheet Name Memory Corruption - Ver2 protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:

Attack Name:  Content Protection Violation.
Attack Information:  Microsoft Excel Sheet Name Memory Corruption - Ver2

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO