MS.Excel.SLK.File.Remote.Powershell.Command.Injection
Description
This indicates an attack attempt to exploit a Remote Code Injection vulnerability in MS Office Excel.
The vulnerability is due to user enable MACRO feature in MS office Excel while handling a malicious SLK file. A remote attacker can exploit this to execute arbitrary code on the target system via a crafted SLK file.
Affected Products
MS Office Excel
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Disable MACRO feature in MS Office Excel by default.
Do not enable MACRO feature when handling Excel file from unknown source.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |