Rule: 

--
Sid: 
8414

-- 
Summary: 
This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Office. 

-- 
Impact: 
Serious. Code execution on the affected host may be possible.

--
Detailed Information:
Microsoft Office suffers from a programming error that may allow a remote attacker to execute code of their choosing. The flaw is present in the processing of Graphics Interchange Format (GIF) files.

It may be possible for an attacker to overflow a fixed length buffer using a malformed GIF file and execute code on the victim host in the context of the current user.

--
Affected Systems:
Microsoft 2003, 2000 and XP
Microsoft Works

--
Attack Scenarios: 
An attacker would need to supply a malformed GIF file for the user to open in an affected product.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
This event may be generated by GIF files being browsed normally on the web.

--
False Negatives:
None known.

-- 
Corrective Action: 
Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team

-- 
Additional References:

--
