Parsing bug of the week
November 5, 2013  

It’s been a while since I did one of these, because, frankly, most security vulnerability reports try to obscure the details of bugs, and it’s a lot of work to go through and verify that a bug is due to bad parsing.

Sometimes it’s easy, though, as in today’s report from Microsoft. Microsoft has done the hard work, saying that

“We are aware of targeted attacks, largely in the Middle East and South Asia. … If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.”

So we have a zero-day flaw that gets exploited by malformed data—that is, the data should be rejected by the parser, but isn’t.