Last Updated: 2013-11-05 18:28:34 UTC
by Daniel Wesemann (Version: 1)
Today, Microsoft published a research note and a security advisory covering a remote code execution vulnerability (CVE-2013-3096) that can be triggered with a malformed TIFF image. According to the write-up, the vulnerability is being actively exploited in a "very limited" number of targeted attacks that involved a Word (MS-Office) document which in turn contains the malformed TIFF image.
There is no patch yet, but the two Microsoft articles contain some information on mitigation options.