Intrusion Prevention

MS.Excel.Drawing.Layer.Dangling.Pointer.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Use-After-Free vulnerability in Microsoft Excel.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "XLS" file. A remote attacker can exploit this to execute arbitrary code via a crafted "XLS" file.

Affected Products

Microsoft Open XML File Format Converter for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2007 SP2
Microsoft Office 2007 SP1
Microsoft Office 2007
+ Microsoft Access 2007
+ Microsoft Excel 2007
+ Microsoft Groove 2007
+ Microsoft InfoPath 2007
+ Microsoft Office Communicator 2007
+ Microsoft Outlook 2007
+ Microsoft PowerPoint 2007
+ Microsoft Project Professional 2007
+ Microsoft Project Standard 2007
+ Microsoft Publisher 2007
+ Microsoft SharePoint Designer 2007
+ Microsoft Visio Professional 2007
+ Microsoft Visio Standard 2007
Microsoft Office 2004 for Mac
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003
+ Microsoft Excel 2003
+ Microsoft FrontPage 2003
+ Microsoft InfoPath 2003
+ Microsoft OneNote 2003
+ Microsoft Outlook 2003
+ Microsoft PowerPoint 2003
+ Microsoft Publisher 2003
Microsoft Excel 2007 SP2
Microsoft Excel 2007 SP1
Microsoft Excel 2007

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.

Microsoft Office 2008 for Mac
Microsoft Office2008-1229UpdateEN.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918

Microsoft Office 2003 SP3
Microsoft office2003-KB2509503-FullFile-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=8b68cf68-1606-4649-b860-a64702c6cf33

Microsoft Open XML File Format Converter for Mac 0
Microsoft OpenXMLConverter119.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14

Microsoft Office 2004 for Mac
Microsoft Office2004-1163UpdateEN.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5

Microsoft Office 2007 SP2
Microsoft Office2007-kb2509488-fullfile-x86-glb.exe
http://www.microsoft.com/downloads/details.aspx?familyid=dbba0cd4-ab72-4e2b-9524-fd6be27f0b02

CVE References

CVE-2011-0977