Wednesday, June 12, 2013

MS13-051 / CVE-2013-1331 Office zero day patched by Microsoft

Here's some info on the now-patched (as of June 11 2013) zero day that's starting to come out.

MSFT advisory: http://technet.microsoft.com/en-us/security/bulletin/ms13-051

Details: http://blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx

Sample on VT from March 4 2013 (credit Eromang): https://www.virustotal.com/en/file/f854f057c5b7e5e9f863d94d0c81c1f8a2f1eac34dae900da52f6cadf98d923a/analysis/


And also a quick note that while no one submitted any CVE-2013-1331 samples to Cryptam before the public release, we would have detected the suspicious ScriptBridge reference in the above sample:
https://www.malwaretracker.com/docsearch.php?hash=714876fdce62371da08c139377f23d76


Update: @eromang has found samples of this exploit dating back to 2009, check out his blog post.

No comments:

Post a Comment