TIFF images in MS-Office documents used in targeted attacks

Published: 2013-11-05
Last Updated: 2013-11-05 18:28:34 UTC
by Daniel Wesemann (Version: 1)
8 comment(s)

Today, Microsoft published a research note and a security advisory covering a remote code execution vulnerability (CVE-2013-3096) that can be triggered with a malformed TIFF image. According to the write-up, the vulnerability is being actively exploited in a "very limited" number of targeted attacks that involved a Word (MS-Office) document which in turn contains the malformed TIFF image.

There is no patch yet, but the two Microsoft articles contain some information on mitigation options.


8 comment(s)
Diary Archives