|Check Point Reference:||CPAI-2015-0354|
|Date Published:||26 Mar 2015|
|Last Updated:||26 Mar 2015|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents is known as the Binary Interchange File Format (BIFF), with different versions of the application supporting different versions of the format. The common extension used for Microsoft Excel documents is .xls. A memory corruption vulnerability has been reported in Microsoft Excel. The vulnerability is due to the way Microsoft Excel parses malicious XLS files containing a specially crafted sheet name. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted XLS file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In an attack case where code injection is not successful, the Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated,
update your Security Gateway product to the latest IPS update.
For information on how to update IPS, go to
Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation.
Attack Information: Microsoft Excel Sheet Name Memory Corruption - Ver2