    TrendLabs Security Intelligence Blog

    Author Archive - Pavan Thorat (Vulnerability Research)




    A week after September’s Patch Tuesday, Microsoft rushed out a “Fix It” workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks.

    According to Microsoft, the exploit targets a use-after-free vulnerability in IE’s HTML rendering engine (mshtml.dll). While current exploits are implemented entirely in JavaScript, an attacker can choose to use other methods such as Java, Flash, VBScript, etc. as well. For more technical information, see Microsoft’s blog post, which describes the vulnerability in full detail.

    Using this vulnerability, an attacker may corrupt memory in a way that could allow execution of arbitrary code with the rights of the logged-in user. To do so, the attacker must persuade the victim to browse to an exploit-hosting website by way of phishing, spam or social networking sites. According to the Microsoft security advisory (2887505), all Internet Explorer versions (from version 6 to 11) are affected by this vulnerability.

    Trend Micro Deep Security and Intrusion Defence Firewall (IDF) customers can use the following DPI rule to protect their hosts from attacks targeting CVE-2013-3893:

    • 1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)

    Users are also advised to apply Microsoft’s “Fix It” workaround tool, to avoid visiting unverified links or websites, and to avoid opening email messages from unknown or dubious senders. Other workarounds, like using non-IE browsers and not running as an administrator account, should also be considered. We will update this blog once we have more information about this threat.

     
    Posted in Exploits, Targeted Attacks


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.