Product Coverage and Mitigation for CVE-2014-1761 (Microsoft Word)

By on Mar 25, 2014

On March 24, Microsoft released Security Advisory 2953095 for Microsoft Word. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is a memory-corruption vulnerability that can be invoked when parsing specially crafted RTF files or data. Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects the following:

  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft Office for Mac 2011
  • Microsoft Office Web Apps 2010 Service Pack 1
  • Microsoft Office Web Apps 2010 Service Pack 2
  • Microsoft Office Web Apps Server 2013
  • Microsoft Word 2003 Service Pack 3
  • Microsoft Word 2007 Service Pack 3
  • Microsoft Word 2010 Service Pack 1 (32-bit editions)
  • Microsoft Word 2010 Service Pack 1 (64-bit editions)
  • Microsoft Word 2010 Service Pack 2 (32-bit editions)
  • Microsoft Word 2010 Service Pack 2 (64-bit editions)
  • Microsoft Word 2013 (32-bit editions)
  • Microsoft Word 2013 (64-bit editions)
  • Microsoft Word 2013 RT
  • Microsoft Word Viewer
  • Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
  • Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
  • Word Automation Services on Microsoft SharePoint Server 2013

 

Current McAfee product coverage and mitigation

  • McAfee Vulnerability Manager: The FSL/MVM package of March 24 includes a vulnerability check to assess if your systems are at risk.
  • McAfee Host Intrusion Prevention (HIPS): Generic buffer overflow protection is expected to cover code execution exploits.
  • McAfee Network Intrusion Prevention / Network Security Platform (NIPS) : The NSP release of March 27 will include coverage for this threat.
  • Stonesoft (NGFW):  Coverage is provided in Update Package 572-5211 (Released March 27, 2014)
  • McAfee VirusScan (AV): Coverage is provided as Exploit-CVE2014-1761.
  • McAfee Web Gateway (AV): Coverage is provided as Exploit-CVE2014-1761.

 

Cryptocurrency mining

Microsoft’s blog post highlights IP address 185.12.44.51 as a command and control host. This same host has multiple Bitcoin transactions associated with it as a relay. These can be queried and observed via Blockchain.info. As of this writing, the cumulative balance across the associated Bitcoin wallets is BTC 193.5043147 (about US$111,600).

3img2

 

cve_btc_1

 

 

 

Resources

 

 

About the Author

McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.

Read more posts from McAfee Labs

Categories: McAfee Labs
Tags: , , ,

  2. Hi,
    Is there a Dat signature that will detect the exploit CVE-2014-1761 on desktop with viruscan protection ?
    thanks
    Rgds

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Similar Blogs

fiber-image Consumer

How to Keep Your Celebrations Happening – Virtually & Safely!

Jul 01, 2020
fiber-image Consumer

How Entertaining Ourselves at Home Has Become a Risky Business

Jun 30, 2020
fiber-image Consumer

Read Before You Binge-Watch: Here are the TV Shows & Movies to Look Out For

Jun 22, 2020

Subscribe to McAfee Securing Tomorrow Blogs