Blog Internet Security Updates and Mitigation to Microsoft Office Zero-Day Threat (CVE-2013-3906)

Updates and Mitigation to Microsoft Office Zero-Day Threat (CVE-2013-3906)

McAfee Labs

Nov 06, 2013

2 MIN READ

On November 5, Microsoft posted Security Advisory 2896666. This vulnerability, discovered by Haifei Li of McAfee Labs, affects multiple versions of Microsoft Office, Windows, and Lync. Successful exploitation could result in the ability to execute arbitrary code on a vulnerable host (a remote code execution vulnerability).

The issue (an integer overflow) lies in the handling of maliciously crafted TIFF files. A remote attacker can potentially exploit this flaw via a specially designed email message, distribution of a malicious binary, or via a maliciously crafted web page. Successful exploitation of the vulnerability will result in the attacker’s acquiring the same user rights as the current user.

Our blog post (McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office) describes the issue in further detail:

 

McAfee Product Coverage/Mitigation

  • McAfee VirusScan (Updated Nov 5)
    • MD5: 97bcb5031d28f55f20e6f3637270751d (Payload) – BackDoor-FBKI!920FEFDC36DA
    • MD5: cb28d93d9eb3c38058a24ad3b05ec3eb (Payload) – Generic Backdoor.u
    • MD5: 5ba7ed3956f76df0e12b8ae7985aa171 (Payload) – Artemis!5BA7ED3956F7
    • MD5: 5a95ca7da496d8bd22b779c4e6f41df9 (Payload) – Generic Backdoor.u
    • MD5: b44359628d7b03b68b41b14536314083 (Office Document) – Exploit-CVE2013-3906
    • MD5: 1FD4F3F063D641F84C5776C2C15E4621 (Office Document) – Exploit-CVE2013-3906
  • McAfee Network Security Platform (Updated Nov 5)
    • UDS-ShantiMalwareDetected
  • McAfee Vulnerability Manager (Updated Nov 5)
    • MVM / FSL Check to release 11/5/2013

 

General Indicators:

MD5 hash list:

  • b44359628d7b03b68b41b14536314083
  • 97bcb5031d28f55f20e6f3637270751d
  • cb28d93d9eb3c38058a24ad3b05ec3eb
  • 1FD4F3F063D641F84C5776C2C15E4621
  • 5ba7ed3956f76df0e12b8ae7985aa171
  • 5a95ca7da496d8bd22b779c4e6f41df9
  • fd75a23d8b3345e550c4a9bbc6dd2a0e
  • 4e878b13459f652a99168aad2dce7c9a
  • 6a57cda67939806359a03a86fd0eabc2
  • 1510821831c6e2bcbffba909bb48a437
  • fd75a23d8b3345e550c4a9bbc6dd2a0e
  • 654f558cf824e98dde09b197dbdfd407
  • 0d51296e5c74a22339ec8b7e318f274a
  • 701a6063458120943a6d3a4eb4440373
  • 654f558cf824e98dde09b197dbdfd407
  • 4f73248a2641a5bc1a14bda3ef11f454 (Embedded)
  • 6cad22128a105c455bd4a5152272239d (Embedded)
  • 7523a56ea1526fa027735e09bffff00e (Embedded)
  • abc311f99a72002457f28fe26bd2e59d (Embedded)
  • c035acd1c10d8b17773d23be4059754f (Embedded)
  • e6fa16d2e808103ab9bec5676146520b (Embedded)

Network:

  • h x x p: // myflatnet[.]com
  • 31[.]210[.]96[.]213
  • http query: h x x p: / / myflatnet[.]com[:]80 GET / ralph_3/ winword.exe
  • http query: h x x p: / / myflatnet[.]com[:]80 GET / new_red/ winword.exe
  • http query: h x x p: / / myflatnet[.]com[:]80 GET / bruce_3/ winword.exe
  • http query: h x x p: / / myflatnet[.]com[:]80 GET / blue / winword.exe

 

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.

FacebookTwitterInstagramLinkedINYouTubeRSS
McAfee Labs Threat Research Team

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.

More from Internet Security

This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers
Whether it be that their shoes are too tight, their heads aren’t screwed on just right, or they’re expressing a...

Nov 25, 2024   |   7 MIN READ

How to Protect Your Social Media Passwords with Multi-factor Verification
Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to...

Nov 22, 2024   |   4 MIN READ

How to Recognize a Phishing Email
Phishing is a cybercrime that aims to steal your sensitive information. Scammers disguise themselves as major corporations or other trustworthy...

Nov 20, 2024   |   9 MIN READ

How to Secure Your Digital Wallet
Before you ditch your physical wallet for a digital one, make sure you follow these digital wallet...

Nov 15, 2024   |   5 MIN READ

How to Protect Yourself from Bank Fraud
More and more transactions occur over the internet rather than at a teller’s window, and nearly every...

Nov 13, 2024   |   8 MIN READ

What Is a Botnet?
What is a botnet? And what does it have to do with a toaster? We’ll get to...

Nov 12, 2024   |   10 MIN READ

Safeguarding Those Who Served: Cybersecurity Challenges for Veterans
As we honor Veterans Day, it’s crucial to recognize not only the sacrifices made by those who...

Nov 11, 2024   |   6 MIN READ

How To Protect Yourself from Black Friday and Cyber Monday AI Scams 
As Black Friday approaches, eager bargain hunters are gearing up to snag the best deals online. But...

Nov 04, 2024   |   5 MIN READ

Gift Card Scams — The Gift That Keeps on Taking
Crooks love a good gift card scam. It’s like stealing cash right out of your pocket.  That...

Nov 04, 2024   |   8 MIN READ

How To Survive the Deepfake Election with McAfee’s 2024 Election AI Toolkit
As malicious deepfakes continue to flood our screens with disinformation during this election year, we’ve released our...

Oct 28, 2024   |   6 MIN READ

How to Delete Your TikTok Account
Thinking about deleting your TikTok account? We can show you how. Before we get to that, you...

Oct 22, 2024   |   6 MIN READ

How to Avoid Oversharing on Social Media
What is oversharing on social media? And how do you avoid it? Oversharing on social media takes...

Oct 18, 2024   |   8 MIN READ

Back to top