Microsoft Excel macro handling code execution (CompoundFile_Excel_Header_Overflow)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects a specially crafted Excel file that can result in the execution of arbitrary code.


Default risk level

High

Sensors that have this signature

IBM Security Server Protection for Windows: 2.0.252.2160, IBM Security Server Protection for Windows: 1.0.914.2160, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network MFS: XPU 28.020, BlackICE Server Protection: 3.6.cqv, BlackICE PC Protection: 3.6cqv, RealSecure Network: XPU 28.020, RealSecure Server Sensor: XPU 28.020, Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, Proventia Server IPS for Linux technology: 28.020, Virtual Server Protection for VMware: 1.0

Systems affected

Microsoft Excel Viewer: 2003, Microsoft Excel: 2004 Mac OS, Microsoft Excel: 2000 SP3, Microsoft Excel: 2002 SP3, Microsoft Excel: 2003 SP2

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Excel could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of macro information within Excel files. By persuading a victim to open a specially crafted Excel file, a remote attacker could exploit this vulnerability to corrupt memory and either execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References

Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/947563.mspx

IBM Internet Security Systems Protection Alert - Feb. 12, 2008
Microsoft Excel Remote Code Execution Vulnerability
http://www.iss.net/threats/288.html

US-CERT Web site March 10, 2008 at 03:25 pm
Trojan Exploiting Microsoft Excel Vulnerability
http://www.us-cert.gov/current/archive/2008/03/11/archive.html#trojan_exploiting_microsoft_excel_vulnerability

Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx

Microsoft Security Bulletin MS08-026
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx

Microsoft Security Bulletin MS08-043
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
http://www.microsoft.com/technet/security/bulletin/ms08-043.mspx

Microsoft Security Bulletin MS08-051
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx

Microsoft Security Bulletin MS08-042
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx

Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx

Microsoft Security Bulletin MS09-021
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx

Microsoft Security Bulletin MS09-017
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx

Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx

Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
http://www.microsoft.com/technet/security/bulletin/ms10-003.mspx

Microsoft Security Bulletin MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
http://www.microsoft.com/technet/security/bulletin/ms10-004.mspx

Microsoft Security Bulletin MS10-017
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx

Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx

Microsoft Security Bulletin MS10-036
Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235)
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx

Microsoft Security Bulletin MS10-038
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx

Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx

Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx

Microsoft Security Bulletin MS10-087
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx

Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx

Microsoft Security Bulletin MS11-008
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx

Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx

Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx

Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx

Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
http://www.microsoft.com/technet/security/bulletin/ms11-045.mspx

Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx

Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
http://www.microsoft.com/technet/security/bulletin/ms11-060.mspx

Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx

Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096

Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
http://technet.microsoft.com/en-us/security/bulletin/ms12-028

Microsoft Security Bulletin MS12-029
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
http://technet.microsoft.com/en-us/security/bulletin/ms12-029

Microsoft Security Bulletin MS12-034
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
http://technet.microsoft.com/en-us/security/bulletin/ms12-034

ISS X-Force
Microsoft Excel macro handling code execution
http://www.iss.net/security_center/static/39699.php

CVE
CVE-2008-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081