Security Applications Blocking the Windows Zero-Day Flaw
UPDATE! 2013-11-08
AV-TEST has identified further samples and analyzed them now. We are currently aware of 8 different malicious DOCX files containing the CVE-2013-3906 exploit. The following AV products are able to detect all of these samples using (static) signatures:
AhnLab → Exploit/Cve-2013-3906
AVG → Exploit_c.YWS, Exploit_c.YWT
Avast → TIFF:CVE-2013-3906 [Expl]
Avira → EXP/CVE-2013-3906
Bitdefender → Exploit.CVE-2013-3906.Gen
ClamAV → Win.Exploit.CVE_2013_3906-2, BC.Exploit.CVE_2013_3906.CVE_2013_3906
ESET NOD32 → Win32/Exploit.CVE-2013-3906.A
F-Secure → Exploit.CVE-2013-3906.Gen
G Data → Exploit.CVE-2013-3906.Gen
Kaspersky → Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b
McAfee → Exploit-CVE2013-3906
Microsoft → Exploit:Win32/CVE-2013-3906
Norman → Shellcode.B, Shellcode.D
Norton → Trojan.Hantiff, Trojan.Mdropper
Note: Products / vendors not listed are either not yet tested or won’t provide a full coverage yet (e.g. they are only detecting some but not all of the samples).