Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - TIFF images in MS-Office documents used in targeted attacks InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

TIFF images in MS-Office documents used in targeted attacks

Published: 2013-11-05
Last Updated: 2013-11-05 18:28:34 UTC
by Daniel Wesemann (Version: 1)
8 comment(s)


Today, Microsoft published a research note and a security advisory covering a remote code execution vulnerability (CVE-2013-3096) that can be triggered with a malformed TIFF image. According to the write-up, the vulnerability is being actively exploited in a "very limited" number of targeted attacks that involved a Word (MS-Office) document which in turn contains the malformed TIFF image.

There is no patch yet, but the two Microsoft articles contain some information on mitigation options.

 

8 comment(s)
Diary Archives