Coverage Information for Microsoft Security Advisory (2887505), Internet Explorer 0-day Vulnerability has published a Security Advisory (“Vulnerability in Internet Explorer Could Allow Remote Code Execution”) that discloses a new critical vulnerability in all versions of Microsoft Internet Explorer.CVE-2013-3893 This vulnerability has been seen in the wild exploited in targeted attacks and could be used by web-based attacks/ drive-by downloads and malicious advertisements known as malvertisements. This vulnerability also bypasses ASLR (Address Space Layout Randomization) protections that had been built into newer versions of IE as mitigating protections.

In response to this advisory, Palo Alto Networks has released an emergency content update (version 394) that provides detection of attempted exploitation of CVE-2013-3893:

Severity: Critical

ID: 36128

Attack Name: Microsoft Internet Explorer Use After Free Vulnerability

CVE ID: CVE-2013-3893

Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support.

via Coverage Information for Microsoft Security Advisory (2887505), Internet Explorer 0-day Vulnerability – Palo Alto Networks Blog.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: