Microsoft out-of-band Security Advisory for Graphics Component
Microsoft has released an out-of-band bulletin Microsoft Security Advisory (2896666) on Nov 5, 2013 that addresses a vulnerability in Microsoft Graphics Component. This vulnerability affects Microsoft Windows, Microsoft Office and Microsoft Lync. The Graphics component improperly handles specially crafted TIFF images. These images can be embedded in malicious documents and thus can be served via both email or web allowing attackers to achieve remote code execution. Microsoft reports there are known targeted attacks that exploit Microsoft Office.
This vulnerability has been referred by CVE as CVE-2013-3906.
Dell SonicWALL threat team researched this vulnerability the same day and created following GAV signatures to cover the attack.
- GAV: 26249 Malformed.docx.MP.1
- GAV: 26255 Malformed.tif.MP.3
- GAV: 26278 Malformed.docx.MP.2
- GAV: 26311 CVE-2013-3906
- GAV: 26320 Sisproc.A_6
- GAV: 26388 Agent.OGZ_2
- GAV: 26391 Delf.PNS
- GAV: 26394 Webclient.A
- GAV: 26396 Spy.MT
- GAV: 26399 KeyLogger.AHKO
- GAV: 26401 Zbot.VFO
- GAV: 26404 VB.NYJ
- SPY: 4732 Malformed-File doc.MP.6
For the Microsoft vulnerabilities covered by SonicWALL, please refer to SonicWALL MAPP for details.