New Internet Explorer Zero-day Targeted in Attacks Against Korea and Japan
Oct 09, 2013 10:08 AM
A L Johnson
In Microsoft’s Patch Tuesday for October 2013, the company released MS13-080 to address two critical vulnerabilities that have been actively exploited in limited targeted attacks. The first critical vulnerability in Internet Explorer, the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893), was discussed in an earlier Symantec blog.
The second critical vulnerability for Internet Explorer is the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897). In a blog post from Microsoft, the company describes how this issue is a use-after-free vulnerability in CDisplayPointer triggered with the onpropertychange event handler. The blog continues, explaining how the exploit uses a JavaScript heap spray to allocate a small ROP chain around the address 0x14141414. When found in the wild, the exploit was designed to target only Internet Explorer 8 on Windows XP for Korean- and Japanese-language users.
For Symantec customers, the following protection is already in place for this attack:
Antivirus:
Trojan.Maljava
Trojan.Malscript
Backdoor.Trojan
Downloader.Tandfuy
Intrusion Prevention System:
Web Attack: Malicious JavaScript Heap Spray Generic
Symantec telemetry shows that the attack taking advantage of CVE-2013-3897 began around September 11, 2013 and that it has mainly affected South Korean users, due to how Web pages on a popular Korean blogging site were used to redirect users to the site hosting the exploit.
Symantec is continuing to investigate this attack to ensure that the best possible protection is available. As always, we recommend that users keep their systems up-to-date with the latest software patches. We also advise customers to use the latest Symantec technologies and incorporate the latest Norton consumer and Symantec enterprise solutions to best protect against attacks of this kind.
Update – 09 October, 2013:
Symantec has released an additional IPS signature to protect against CVE-2013-3897:
Web Attack: Internet Explorer Memory Corruption CVE 2013-3897
Update – 11 October, 2013:
Symantec has released an additional AV detection to protect against CVE-2013-3897:
Bloodhound.Exploit.518