Intrusion Prevention

Malformed.GIF.Header.Code.Execution

Description

This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft Office.
The vulnerability is caused by an error when "GIFIMP32.FLT" handles a malicious GIF file. It allows a remote attacker to execute arbitrary code via sending a crafted GIF file.

Affected Products

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products.

Impact

System compromise

Recommended Actions

Apply the vendor update:
http://www.microsoft.com/technet/security/Bulletin/MS06-039.mspx

CVE References

CVE-2006-0007