Intrusion Prevention

MS.Excel.SLK.File.Remote.Powershell.Command.Injection

Description

This indicates an attack attempt to exploit a Remote Code Injection vulnerability in MS Office Excel.
The vulnerability is due to user enable MACRO feature in MS office Excel while handling a malicious SLK file. A remote attacker can exploit this to execute arbitrary code on the target system via a crafted SLK file.

Affected Products

MS Office Excel

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Disable MACRO feature in MS Office Excel by default.
Do not enable MACRO feature when handling Excel file from unknown source.