Intrusion Prevention

MS.Excel.Missing.MSO.Drawing.Group.Stack.Overrun

Description

This indicates a possible attempt to exploit a stack-overrun vulnerability in Microsoft Office Excel.
This vulnerability is caused by the software's inability to properly parse a malformed XLS file. Remote users may exploit this to execute arbitrary code.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System and its Service Pack 1
Microsoft Office Excel Viewer 2003 and its Service Pack 3
Microsoft Office Excel Viewer
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac

Impact

System compromise

Recommended Actions

Apply the patch, available from the vendor's web site:
http://www.microsoft.com/technet/security/Bulletin/ms08-074.mspx

CVE References

CVE-2008-4265