CVE-2013-1331 – A Zero Day Disclosed

By Yiftach Keshet | June 20, 2013

Microsoft issued its weekly patch update last Tuesday, June 11, 2013, disclosing five new vulnerabilities (one critical and four important). We would like to focus on one of the vulnerabilities that was marked as ‘important’: a new MS Office vulnerability, assigned CVE-2013-1331, affecting Microsoft Office 2003 and MS Office for Mac (2011). Exploitation of this vulnerability enables remote code execution with the same user rights as the current user.

Several exploits targeting this vulnerability have been spotted in the wild, with campaigns starting as early as 2009, meaning that CVE-2013-1331 was indeed an exploited Zero-Day vulnerability. Microsoft provided some examples of URLs invoked by the malicious Office document, and some hashes of the malicious Office binary format documents. An analysis reveals that attacks exploiting this vulnerability took place in Southeast Asia.

This recent example is another wake-up call, reminding us that Zero Days are a heavyweight component in current attacks, and emphasizing the need for a trustworthy defense solution.

Cyvera TRAPS was developed to prevent exploitation of software vulnerabilities such as those mentioned above, without any prior knowledge of the exploits, since its prevention ability is not based on known signatures or behaviors (unlike traditional solutions).