SonicWALL Security Center
Share: Linkedin Share Facebook Like


Back to SonicALERT


Microsoft Windows IE Memory Corruption (Sept 18, 2013)



Description


Microsoft has released an advisory addressing CVE-2013-3893 on Sept 17, 2013. This vulnerability found in Microsoft Internet Explorer affects Internet Explorer versions 8 and 9 and is being used in the wild by cyber-criminals. The issue could potentially affect all supported IE versions.

It has been observed that the vulnerable event handler has been used in a JavaScript file in an Adobe Flash Tool, and the JavaScript file was manipulated by hackers. However, we didn't confirm which vulnerability the manipulated JavaScript is exploiting as the target server has stopped serving the final malicious code. The following image shows the manipulated JavaScript file:

image

A hacker can load the mentioned JavaScript file:

image

Dell SonicWALL Threat team has researched this vulnerability and released the following IPS signature:

  • 7377 Windows IE Memory Corruption Vulnerability

Dell SonicWALL has updated information on Sept 26, 2013 for this vulnerability as below.




Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#DellSecurity
© 2014 Dell | Privacy Policy | Conditions for use | Feedback  Version: 8.2.5  S1MSW03
Live Demo | SonicALERT