The Latest in IT Security

New Internet Explorer Zero-day Targeted in Attacks against Korea and Japan

09
Oct
2013

In Microsoft’s Patch Tuesday for October 2013, the company released MS13-080 to address two critical vulnerabilities that have been actively exploited in limited targeted attacks. The first critical vulnerability in Internet Explorer, the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893), was discussed in an earlier Symantec blog.
 
The second critical vulnerability for Internet Explorer is the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897). In a blog post from Microsoft, the company describes how this issue is a use-after-free vulnerability in CDisplayPointer triggered with the onpropertychange event handler. The blog continues, explaining how the exploit uses a JavaScript heap-spray to allocate a small ROP chain around the address 0x14141414. When found in the wild, the exploit was designed to target only Internet Explorer 8 on Windows XP for the Korean and Japanese language-based users. For Symantec customers, the following protection is already in place for this attack  
 
Antivirus:

 
Intrusion Prevention System:

 
Symantec telemetry shows that the attack taking advantage of CVE-2013-3897 began around September 11, 2013 and that it has mainly affected South Korean users, due to how Web pages on a popular Korean blogging site were used to redirect users to the site hosting the exploit.  
 
Symantec is continuing to investigate this attack to ensure that the best possible protection is available. As always, we recommend that users keep their systems up-to-date with the latest software patches. We also advise customers to use the latest Symantec technologies and incorporate the latest Norton consumer and Symantec enterprise solutions to best protect against attacks of this kind.
 

Leave a reply


Categories

MONDAY, NOVEMBER 18, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments