HighIBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects an attempt to transfer a malicious Excel .xlsx file which could be used for remote code execution.
High
IBM Security Server Protection for Windows: 2.0.300.2490, IBM Security Server Protection for Windows: 2.1.14.2490, Proventia Network IDS: XPU 30.030, Proventia-G 1.1 and earlier: XPU 30.030, Proventia Network MFS: XPU 30.030, RealSecure Server Sensor: XPU 30.030, RealSecure Network: XPU 30.030, Proventia Desktop: 2490, Proventia Network IPS: XPU 30.030, Proventia Server IPS for Linux technology: 30.030, Virtual Server Protection for Vmware: XPU 30.030
Microsoft Office Compatibility Pack: 2007 SP1, Microsoft Excel: 2007 SP1, Microsoft SharePoint Server: 2007 SP1 x64, Microsoft SharePoint Server: 2007 SP1 x32, Microsoft Office Compatibility Pack: 2007 SP2, Microsoft Excel: 2007 SP2, Microsoft SharePoint Server: 2007 SP2 x32, Microsoft SharePoint Server: 2007 SP2 x64, Microsoft Excel Viewer: SP1, Microsoft Excel Viewer: SP2, Microsoft Office: 2008 Mac OS, Microsoft Open XML File Format Converter: Mac OS
Unauthorized Access Attempt
Microsoft Excel could allow a remote attacker to execute arbitrary code on the system, caused by the improper parsing of the Excel spreadsheet file format. By persuading a victim to open a specially-crafted XLSX file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-017
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx
IBM Internet Security Systems Protection Alert
Microsoft Excel XLSX code execution
http://www.iss.net/threats/363.html
ZDI-10-025
Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-025/
Microsoft Security Bulletin MS10-038
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx
ISS X-Force
Microsoft Excel XLSX code execution
http://www.iss.net/security_center/static/56468.php
CVE
CVE-2010-0263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0263