Jump to content


Photo

New IE 0-Day vuln exploiting msvcrt.dll


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 09 November 2013 - 10:34 AM

FYI...

New IE 0-Day vuln exploiting msvcrt.dll
- https://isc.sans.edu...l?storyid=16985
Last Updated: 2013-11-09 13:41:19 UTC - "FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10. According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available..."

1] http://www.fireeye.c...ole-attack.html
2] https://isc.sans.edu... download/16019
3] http://www.microsoft...s.aspx?id=39273
___

... or (once again) use an alternative browser!
 

:ph34r: :ph34r: :(


Edited by AplusWebMaster, 09 November 2013 - 11:08 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 11 November 2013 - 07:22 PM

FYI...

IE 0-Day vuln exploiting msvcrt.dll ...
- https://isc.sans.edu...l?storyid=16985
Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "...  Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leave very little artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."

1) http://www.fireeye.c...ess-method.html

 

* http://blogs.technet...te-tuesday.aspx

- https://blogs.techne...Redirected=true
7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."

** https://isc.sans.edu...ums/diary/16982

- https://www.virustot...93/information/

- https://www.virustot...44/information/
___

- https://secunia.com/advisories/55611/
Last Update: 2013-11-13
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
Software: Microsoft Internet Explorer 10.x, 9.x, 8.x, 7.x
CVE Reference: https://web.nvd.nist...d=CVE-2013-3918 - 9.3 (HIGH)
... vulnerability is caused due to an error within an ActiveX control...
Solution: Apply update...
- http://technet.micro...lletin/ms13-090
Nov 12, 2013
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 29 November 2013 - 10:53 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.




Member of UNITE
Support SpywareInfo Forum - click the button