[Snort-sigs] 1:12070 for Word documents?

Lee Clemens snort at ...3020...
Tue Apr 15 22:23:37 EDT 2008


Hello all,

I downloaded a Word document from OWA and saw many alerts from Snort for sid
1:12070.

The signature's message is "EXPLOIT Microsoft Excel malformed version field"
and all of the links (nvd, cve, icat, bugtraq) show only Excel as being
vulnerable.

The Word document does use tables, but does not appear to use any embedded
Excel spreadsheet objects, etc.

Could this be a false positive or even an additional vulnerability for
particular Word documents?

Kind Regards,
Lee






More information about the Snort-sigs mailing list