Signature Detail
Short Name |
HTTP:STC:MICROSOFT-GDI-TIFF-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Multiple Microsoft Products TIFF Image Parsing Remote Code Execution |
Release Date |
2013/11/11 |
Update Number |
2318 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Multiple Microsoft Products TIFF Image Parsing Remote Code Execution
This signature detects attempts to exploit a known vulnerability against multiple Microsoft products. The issue is due to incorrect parsing of certain TIFF image files by Microsoft Graphics Component module GDI+. A successful attack can lead to arbitrary code execution.
Extended Description
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Affected Products
- microsoft lync 2010 (:attendee)
- microsoft lync 2010 (:x64)
- microsoft lync 2010 (:x86)
- microsoft lync 2013 (-:x64)
- microsoft lync 2013 (-:x86)
- microsoft lync_basic 2013 (-:x64)
- microsoft lync_basic 2013 (-:x86)
- microsoft office 2003 (sp3)
- microsoft office 2007 (sp3)
- microsoft office 2010 (sp1:x64)
- microsoft office 2010 (sp1:x86)
- microsoft office 2010 (sp2:x64)
- microsoft office 2010 (sp2:x86)
- microsoft windows_server_2008 (sp2:itanium)
- microsoft windows_server_2008 (sp2:x64)
- microsoft windows_server_2008 (sp2:x86)
- microsoft windows_vista (sp2:x64)
References
- BugTraq: 63530
- BugTraq: 63530
- CVE: CVE-2013-3906