Hello,
today I was working in MS Excel 2007 and Defence+ blocked Excel because of a possible buffer overflow attack. Why? MS Excel is a safe application so I do not understand. Please, see screenshot attached. I have CIS (without antivirus) 3.9xxx507 installed, Eset NOD32 antivirus v. 4, Windows Vista Home Premium 32 bit.
Thank you,
Peter
PS: during the whole work with Excel it was so sloooow (not normal in my pc)
[attachment deleted by admin]
There is a chance MS excel was running a infected macro (i think not sure) does it happen always?
When it wasn’t an infection you found a bug in Excel. Is your Microsoft Office updated to the latest? If not please do so using the Office update site: http://office.microsoft.com/officeupdate/ .
Hello guys,
thank you for your reply.
I just opened new spreadsheet and created some graphs, so I do not think an infected macro could running. Just during the work with graph it was very slow and then I got buffer overflow attack.
Recently I updated to Office SP1 and SP2. Before these updates (without service packs) I think the work with Excel was without any problems. Do you think it could be a corrupted install of SP?
Thank you.
Peter
one thing for sure, there is a BO…
it won’t be the first time we will find a vulnerability with a product…
I would recreate the scenerio and inform MS asap if this is a vulnerability.
Melih
Sorry for bumping this, but I have started getting exactly the same problem in Excel 2007, with the same screen shot that the OP is getting. I’m also using Windows Vista Home Premium, but I’m using the 64-bit edition. I only get my BOA warning after setting a print area, then print preview and then closing the print preview without printing, so possibly a Microsoft error. Appreciate if you could shed any more light on this.
EDIT: I also get it when I print following a print preview
Cheers
I’m getting the same problem when working with page layout as Jimbobian was saying, however mine happens when I go from “view” tab and then click on “page layout” tab. Every time! It seems to be that combination that throws the error. It’s driving me crazy! If anyone has any suggestions please send it my way.
Even though I update my office and Microsoft Office I got the same Buffer overflow message while setting the print area in my Excel 2007 spreadsheet just 3 days ago. Is it possible that MS has not yet fixed this error? Or is it a Comodo error that interprets this action as an attack? Do does anyone else have any thoughts on this issue?
Apparently Microsoft has not fixed the buffer overflow you are experiencing. On a side note. Do you keep your Microsoft Office updated?
Comodo warns for the buffer overflow. That means that your computer is vulnerable for infection at that point. With a malware present that exploits that particular BO you would get infected. When you know your system is free of malware you can safely skip the alert.
Hi am new to the forum, but have been using CIS for a while. I recently upgraded from XP to Windows 7 32 bit, and Office 2000 to 2010. I recently started getting a Shellcode Injection alert when I clicked on the Page layout ribbon twice, which caused Comodo to close Excel. I’ve been onto Microsoft’s support line today, and their view is that the fault is with Comodo. A point to note is that I have a laptop running the all same software but 64 bit and there is no alert. I’m worried that I may have some malware/rootkit as running Sophos, GMER, Catchme all produced different results. GMER actually crashed. My internet conection has also become rather temperamental. Any ideas other than a complete reformat/reinstall? Thanks in advance.
How can you tell it is Comodo is closing down the program? I would expect to get the buffer overflow alert asking what to do. Can you describe what happens? I just tested this with my Excell 2010 and get the bo alert when I click the Page Layout button twice.
A point to note is that I have a laptop running the all same software but 64 bit and there is no alert. I'm worried that I may have some malware/rootkit as running Sophos, GMER, Catchme all produced different results. GMER actually crashed. My internet conection has also become rather temperamental. Any ideas other than a complete reformat/reinstall? Thanks in advance.Is this a different computer than the one having the bo alert in Excel?
It looks like it could be infected. You could start with How to Know If Your Computer Is Infected.
From here there are two ways to go.
Use a Dr Web’s Cure it live CD or Kaspersky Rescue CD to scan your hard drive when you are not logged in into Windows.
Or you could run the following scanners while being in Windows:
Let us know how things go.
I’ve got the same problem and I’d bet my PC is clean and healthy. It started with the installation of Office 2010. Affected are at least Word, Excel and Powerpoint (other Office 2010 applications may be affected as well; I just didn’t try).
When I click on the “File” tab I sometimes get that buffer overflow warning (see attached picture) from Defense+. Actually it says that the program (e.g. winword.exe) was trying to execute shell code and that this was the result of a possible buffer overflow attack.
But I do not get this warning each time I click the File tab, only sometimes. Mostly the Office application just stops responding and after about half a minute or so it crashes. But without the Defense+ warning. Very annoying in any case; you can’t really work this way.
BUT when I switch off Defense+ the problem seems to disappear. At least I can click the File tab and the Office application keeps on working just as it should.
Now is that a bug in Defense+ or in Office 2010? I do not know but I hope it gets fixed soon! It is not a reasonable solution to just switch off Defense+ or to permanently exclude all the Office 2010 applications from Defense+.
Please, who can look into this a little deeper?
Thanks in advance!
[attachment deleted by admin]
Cygnus. When you know for sure your system is free of malware (after using several scanners) then you can chopse to ignore the alert. It will add excel to the exclusions of shell code injection (buffer overflow) protection.
The detected buffer overflow indicates that the system is vulnerable but when your system is clean you can safely allow the application to be ignored.
Thanks Eric. Yes, I used three scanners, booted from a CD-ROM.
So it is kind of a bug in Office 2010? I thought about ignoring the alert. But that would just mean to ignore a system vulnerability, right? Doesn’t sound very reasonable to me. Shouldn’t we aim at fixing the problem instead of ignoring it? Does MS know about this vulnerability?
It is indeed a bug in Excel.
It is ignoring a vulnerability but a calculated one. An unknown program that would try to start Excel will produce an alert of D+ and will give you the opportunity to block. CIS will keep you safe. No need to worry.
I have no idea whether this bug has been reported. I don’t hang around at the MS Office support forums.
For now just ignore it. CIS will keep you safe. That’s what counts.
Thanks for the clarification, Eric. I clicked on “ignore” and it works now. Still… pardon my ignorance because I’ve got another follow-up question: Now that D+ ignores this alert (btw: only this one or any other of the same program as well?) in Excel (and Word and Powerpoint) doesn’t that mean that malware impersonating Excel (or Word or PP) could now potentially harm the system?
What do you mean with impersonating? I assume you mean malware using the same name. Malware baring the name Excel.exe Excel would not be recognised as a safe file (by checking its hash code against the on line database of safe files) and therefor you would get alerted when it wants to do stuff.
Great, that’s what I wanted to hear. Thanks again!
I’ve once posted about this in this thread.
Had the same problem with Excel 2010 Beta.
The problem still persists with the 2010 final version.
When I switch between the Home and Page Layout tabs I get this buffer overflow warning.
It makes me wonder why MS still hasn’t fixed this issue.
it seem that it is not an application bug
My excel was working well before i load the comodo internet security to replace my comodo firewall.
the message is like following attached.
Please consider
[attachment deleted by admin]