On Tuesday, November 5, 2013, Microsoft issued a Security Advisory for a graphics vulnerability exploited through Office and Word documents in multiple versions of Microsoft Office, (“Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution”), CVE-2013-3906, http://technet.microsoft.com/en-us/security/advisory/2896666. This vulnerability is exploited via targeted attacks over email by sending malformed graphics/TIFF images embedded in Microsoft Office and Word documents and affects various versions of Microsoft Office. Attacks appear to be very selective primarily in the Middle East and South Asia. We received the out-of-band notification as part of our Microsoft Active Protections Program (MAPP) participation.
In response to this advisory, Palo Alto Networks released an emergency content update (version 404) on November 6th that provides protection against attempted exploitation of CVE-2013-3906 with IPS vulnerability signature ID's 36207 and 36208. The attack signatures are both named "Microsoft Word TIFF Image Integer Overflow Vulnerability."
ID: 36207 and 36208
Attack Name: Microsoft Word TIFF Image Integer Overflow Vulnerability
CVE ID: CVE-2013-3906
Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact support.