ISS Coverage |
| Product |
Content Version |
Network Sensor 7.0
Proventia A
Proventia IPS (G/GX)
Server Sensor 7.0
Proventia Multifunction Appliance
Proventia Server (Linux) |
XPU 28.020 |
Proventia Server (Windows)
Proventia Desktop |
2160 |
| BlackICE PC Protection 3.6 |
cqv |
|
|
|
|
|
Detailed Description |
| Business Impact: |
X-Force has identified an unnamed web exploit toolkit in-the-wild that is now exploiting a recently patched Microsoft Excel vulnerability (MS08-014). Successful attacks will lead to code execution and malware installation. This is an interesting precedent in that it marks the first time X-Force has observed the inclusion of Microsoft Office exploitation in a web exploit kit.
While some customers may be able to react by blocking email with spreadsheet attachments through traditional email filtering means, this may not be feasible for everyone. In this case, customers should enable protection technologies like the Proventia IPS signature for this issue and deploy patches as soon as possible. |
| CVSS for XFIDs 38721 and 38722: |
Base Score: |
9.3 |
| |
Access Vector: |
Network |
| Access Complexity: |
Medium |
| Authentication: |
None |
| Confidentiality Impact: |
Complete |
| Integrity Impact: |
Complete |
| Availability Impact: |
Complete |
|
|
| Adjusted Temporal Score: |
6.9 |
| |
Exploitability: |
Unproven |
| Remediation Level: |
Official-Fix |
| Report Confidence: |
Confirmed |
| Affected Products: |
For a full list of affected versions, see references below. |
| Technical Description: |
Microsoft Excel could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified error in the handling of Excel files. An attacker could exploit this vulnerability by persuading a victim to open a specially-crafted Excel file containing malformed header information, either by hosting the document on a Web site or by sending it as an email attachment. |
| Remediation: |
Patches are not available for this issue. See References for details. |
|
References |
|
|
Revision History |
| 1.0 |
Initial publication. |
| 1.1 |
Corrected patch information. |
|
1.2
1.3
1.4
1.5
|
Corrected vulnerability disclosure date.
Added active exploitation date.
Added the latest in X-Force vulnerability tracking and observations. Refer to Business Impact and References.
Added additional signature information. |
|
|
About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
|
