MS.Excel.SLK.File.Remote.Powershell.Command.Injection

Description

This indicates an attack attempt to exploit a Remote Code Injection vulnerability in MS Office Excel.
The vulnerability arises when a user enables the macro feature in MS Office Excel while handling a malicious SLK file. A remote attacker can exploit this to execute arbitrary code on the target system via a crafted SLK file.

Affected Products

MS Office Excel

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Disable the macro feature in MS Office Excel by default.
Do not enable the macro feature when handling Excel files from unknown sources.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2019-07-16  14.649   Default_action:pass:drop
2019-03-13  14.572   Sig Added
2019-03-01  14.564