Jump to content
akkiliON

CVE-2013-3906 : Zero Day Vulnerability in Microsoft Graphics Component

Recommended Posts

  • Active Members
Posted

Microsoft+warns+of+Zero+Day+Vulnerability+in+Office+Suite.png

Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents.

A Zero-day Remote Code Execution flaw, which has been dubbed CVE-2013-3906 , exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office users running Windows Vista and Windows Server 2008.

"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post. Vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li.

A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Currently the company is only aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment.

An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content.

According to Microsoft, the exploit combines multiple techniques to bypass exploit mitigation techniques such as ASLR (DEP) and address space layout randomization (ASLR).

The affected products are:

  • Windows Vista x86, x64
  • Windows Server 2008 x86, x64, Itanium, Server Core
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010 x86, x64
  • Microsoft Office Compatibility Pack
  • Microsoft Lync 2010 x86, x64
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync 2013 x86, x64

Windows 7 and 8 and Office 2013 and Office 365 are not affected.

Microsoft released a temporary 'Fix It' workaround that could block the attack by blocking rendering of the vulnerable TIFF graphic format by way of a registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1

The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.

CVE-2013-3906 : Zero Day Vulnerability in Microsoft Graphics Component - The Hacker News

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...