7047.txt

This is the snapshot of Snot Latest Rules

Rule: 

--
Sid: 
7047

-- 
Summary: 
This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Excel.

-- 
Impact: 
Serious. Code execution is possible.

--
Detailed Information:
An Excel file containing an embedded chart OBJECT and an additional OBJECT (of any type) with the additional OBJECT's header length set to a large value on the same sheet can be used to gain control of execution and run code in the context of the currently logged on user.

This rule generates an event when an attempt is made to exploit this vulnerability.

--
Affected Systems:
Microsoft Office 2003

--
Attack Scenarios: 
An attacker would need to supply a specially crafted document to be opened by the user.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
THIS RULE IS LIKELY TO GENERATE FALSE POSITIVE EVENTS AND SHOULD NOT BE USED TO BLOCK IN INLINE MODE

--
False Negatives:
None known.

-- 
Corrective Action: 
Upgrade to the latest non-affected version of the product.

Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
Kevin Shivers <kevin.shivers@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--