0-Day Fixes



A vulnerability in Internet Explorer (IE) could, upon successful exploitation, allow a remote attacker to execute arbitrary code in the context of the current user within IE.

Detailed Description

UPDATE: The patch for this vulnerability was released on 9 October 2013, as detailed in: Internet Explorer cumulative security update.

Microsoft has reported about a remote code execution vulnerability in Internet Explorer (IE). The vulnerability exists when IE accesses a deleted or an improperly allocated object in memory, causing a memory corruption condition that may allow code execution in the context of a current user.

To mitigate the impact of this vulnerability, users are advised to implement some workarounds such as applying the relevant Microsoft Fix it solution ("CVE-2013-3893 MSHTML Shim Workaround"), or deploying the Enhanced Mitigation Experience Toolkit (EMET). Complete instruction is available from Microsoft Security Advisory (2887505).

F-Secure detects the files taking advantage of this vulnerability with two detections:

  1. Exploit:HTML/CVE-2013-3893.A - starting in Hydra database version 2013-09-20_06, which was released on 20 September 2013
  2. JS:Exploit.CVE-2013-3893.A - starting in Aquarius database version 2013-09-20_05, which was released on 20 September 2013

Please allow F-Secure products to block installation of files that take advantage of this vulnerability.


CVE Reference

  • CVE-2013-3893

Detected Exploit


  • Exploit:HTML/CVE-2013-3893.A
  • JS:Exploit.CVE-2013-3893.A


  • Hydra database version 2013-09-20_06 at 08:01:32 UTC
  • Aquarius database version 2013-09-20_05 at 09:07:45 UTC

Release Dates

  • 20 September 2013


Microsoft recommends users to apply the following workarounds to mitigate the impact of the vulnerability until a patch is released:

  • Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround"
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet security zone setting to "High"
  • Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting 

For complete instructions, please refer to Microsoft Security Advisory (2887505).


Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source

Microsoft Security Advisory (2887505)


Scan and clean your PC with F-Secure's Online Scanner. The best thing is, its free!

Learn More Try Out Now!