Microsoft Windows IE Memory Corruption (Sept 18, 2013)

Microsoft has released an advisory addressing CVE-2013-3893 on Sept 17, 2013. This vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 8 and 9 and is being used in the wild by cyber-criminals. The issue could potentially affect all supported IE versions.

It has been observed that the vulnerable event handler has been used in a JavaScript file in an Adobe Flash Tool, and the JavaScript file was manipulated by hackers. However, we didn’t confirm which vulnerability the manipulated JavaScript is exploiting as the target server has stopped serving the final malicious code. The following image shows the manipulated JavaScript file:

A hacker can load the mentioned JavaScript file:

Dell SonicWALL Threat team has researched this vulnerability and released the following IPS signature:

• 7377 Windows IE Memory Corruption Vulnerability

Dell SonicWALL has updated information on Sept 26, 2013 for this vulnerability as below.

• Microsoft Windows IE Vulnerability(CVE-2013-3893) attacks spotted in the Wild (September 26, 2013)
• CVE-2013-3893 exploit actively serving malware (September 26, 2013)

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.