[Snort-sigs] 1:12070 for Word documents?
snort at ...3020...
Tue Apr 15 22:23:37 EDT 2008
I downloaded a Word document from OWA and saw many alerts from Snort for sid
The signature's message is "EXPLOIT Microsoft Excel malformed version field"
and all of the links (nvd, cve, icat, bugtraq) show only Excel as being
The Word document does use tables, but does not appear to use any embedded
Excel spreadsheet objects, etc.
Could this be a false positive or even an additional vulnerability for
particular Word documents?
More information about the Snort-sigs