[CrowdStrike] Analysis of a CVE-2013-3906 Exploit

Dec 10, 2013 | Jason Geffner, Sr. Security Researcher

Many of CrowdStrike’s customers are often targeted by email phishing campaigns and strategic web compromises (also known as watering-hole attacks). These attacks use exploits to take advantage of vulnerable unpatched software installed on the victim’s computer. If an exploit is successful, then it will run an attacker’s payload, which will typically install malware bundled with the exploit itself and/or download malware from a remote server.