Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Internet Explorer Remote Code Execution Vulnerability


Report ID: MAPP-CVE20133893
Date Published: 20 September 2013
Date Revised: 9 October 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11




Summary

A vulnerability in Internet Explorer (IE) could, upon successful exploitation, allow a remote attacker to execute arbitrary code in the context of the current user within IE.



Detailed Description

Microsoft has reported about a remote code execution vulnerability in Internet Explorer (IE). The vulnerability exists when IE accesses a deleted or an improperly allocated object in memory, causing a memory corruption condition that may allow code execution in the context of a current user.

To mitigate the impact of this vulnerability, users are advised to implement some workarounds such as applying the relevant Microsoft Fix it solution ("CVE-2013-3893 MSHTML Shim Workaround"), or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instruction is available from Microsoft Security Advisory (2887505).

F-Secure detects the files taking advantage of this vulnerability with two detections:

  1. Exploit:HTML/CVE-2013-3893.A - starting in Hydra database version 2013-09-20_06, which was released on 20 September 2013
  2. JS:Exploit.CVE-2013-3893.A - starting in Aquarius database version 2013-09-20_05, which was released on 20 September 2013

Please allow F-Secure products to block installation of files that take advantage of this vulnerability.



CVE Reference

CVE-2013-3893



Detected Exploit

Detections
Exploit:HTML/CVE-2013-3893.A
JS:Exploit.CVE-2013-3893.A

Databases
Hydra database version 2013-09-20_06 at 08:01:32 UTC
Aquarius database version 2013-09-20_05 at 09:07:45 UTC

Release Dates
20 September 2013



Solution

Microsoft recommends users to apply the following workarounds to mitigate the impact of the vulnerability until a patch is released:

  • Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround"
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet security zone setting to "High"
  • Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting 

For complete instructions, please refer to Microsoft Security Advisory (2887505).

 

Removal/Disinfection
Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.



Additional Info

UPDATE:
The patch for the above vulnerability has been released on 9 October 2013, as addressed in this report: Internet Explorer cumulative security update.



Online Virus Scanner

 
Run a quick online virus scan of your computer.

 

Submit a sample

Wondering if a file or URL is malicious?

Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)