Antivirus Software That Is Blocking the Windows Zero-Day Flaw


Matsuda


Microsoft found a major vulnerability flaw in Windows and Office that allows attackers to get the same privileges as the logged-on user with the help of a compromised document.

Security institute AV-TEST analyzed three different malicious DOCX files used to exploit the vulnerability, determining that some of the anti-virus products on the market are already capable of protecting their users.

As a result, consumers are strongly recommended to update their security apps to make sure that no attack is targeting their computers until Microsoft rolls out a fully working patch for the flaw.

The following vendors have already released publicly available (static) detection signatures in their anti-malware products to protect against these known malicious files:

Avast -> TIFF:CVE-2013-3906 [Expl]
AVG -> Exploit_c.YWT (Trojan horse)
Bitdefender -> Exploit.CVE-2013-3906.Gen
ESET NOD32 -> Win32/Exploit.CVE-2013-3906.A trojan
F-Secure -> Exploit.CVE-2013-3906.Gen
G Data -> Exploit.CVE-2013-3906.Gen
Kaspersky -> Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b
Microsoft -> Exploit:Win32/CVE-2013-3906
Norman -> Shellcode.B, Shellcode.D
Norton -> Trojan.Hantiff, Trojan.Mdropper
Sophos -> Exp/20133906-A, Troj/DocDrop-AP


UPDATE! 2013-11-08, AV-TEST has identified further samples and analyzed them now. We are currently aware of 8 different malicious DOCX files containing the CVE-2013-3906 exploit. The following AV products are able to detect all of these samples using (static) signatures:

AhnLab -> Exploit/Cve-2013-3906
AVG -> Exploit_c.YWS, Exploit_c.YWT
Avast -> TIFF:CVE-2013-3906 [Expl]
Avira -> EXP/CVE-2013-3906
Bitdefender -> Exploit.CVE-2013-3906.Gen
ClamAV -> Win.Exploit.CVE_2013_3906-2, BC.Exploit.CVE_2013_3906.CVE_2013_3906
ESET NOD32 -> Win32/Exploit.CVE-2013-3906.A
F-Secure -> Exploit.CVE-2013-3906.Gen
G Data -> Exploit.CVE-2013-3906.Gen
Kaspersky -> Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b
McAfee -> Exploit-CVE2013-3906
Microsoft -> Exploit:Win32/CVE-2013-3906
Norman -> Shellcode.B, Shellcode.D
Norton -> Trojan.Hantiff, Trojan.Mdropper

UPDATE! 11.11.2013

AhnLab -> Exploit/Cve-2013-3906
Avast -> TIFF:CVE-2013-3906 [Expl]
AVG -> Exploit_c.YWS, Exploit_c.YWT
Avira -> EXP/CVE-2013-3906, EXP/CVE-2013-3906.A
Bitdefender -> Exploit.CVE-2013-3906.Gen
Commtouch / F-Prot -> CVE133906
Dr.Web -> Exploit.CVE2013-3906.1, Exploit.CVE2013-3906.2
ESET NOD32 -> Win32/Exploit.CVE-2013-3906.A trojan
Fortinet -> W32/DocDrop.AP!tr, W32/MSOffice_CVE_2013_3906.A!exploit
F-Secure -> Exploit.CVE-2013-3906.Gen
G Data -> Exploit.CVE-2013-3906.Gen
Kaspersky -> Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b
McAfee -> Exploit-CVE2013-3906 (trojan), Exploit-FMC!DE64624613FD (trojan)
Microsoft -> Exploit:Win32/CVE-2013-3906
Norman -> Shellcode.B, Shellcode.D
Norton -> Trojan.Hantiff, Trojan.Mdropper
Sophos -> Troj/DocDrop-AP
ThreatTrack -> Exploit.TIFF.CVE-2013-3906 (v)




Note: Products / vendors not listed are either not yet tested or won't provide a full coverage yet (e.g. they are only detecting some but not all of the samples).





wind0ws 8.1 and its 0ffice 2013 is also vulnerable? :rolleyes:

:uhuh:, Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010 and Microsoft Lync. :)
