The time between discovery of a vulnerability and the emergence of an exploit keeps getting shorter—sometimes a matter of only hours. This increases pressure on IT managers to rapidly patch production systems in conflict with configuration management and best practices for quality assurance. Many organizations struggle to keep up with the constant release of new patches and updates.
Last Tuesday, June 11, 2013, Microsoft released a security bulletin (MS13-051) which covers a number of vulnerabilities. One of the vulnerabilities has reportedly been exploited in targeted attacks. Attackers can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign.
Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability (CVE-2013-1331)—a remote stack-based buffer overflow vulnerability in Microsoft Office that allows remote code execution. It is confirmed to affect Microsoft Office 2011 for Mac and Microsoft Office 2003 for all Windows platforms.
Symantec currently has the following detections in place for this vulnerability:
Antivirus Signature
Intrusion Prevention Signature
- Web Attack: Microsoft Office CVE-2013-1331 2
- System Infected: Trojan Backdoor Activity 12
We continue to monitor this threat to improve coverage and will provide any relevant updates when possible. Symantec strongly advise users to update their antivirus definitions regularly and ensure the latest Microsoft patches are installed: