Original release date: September 18, 2013
Microsoft has released Security Advisory 2887505 regarding a remote code execution vulnerability (CVE-2013-3893) impacting Internet Explorer versions 6 through 11. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. The Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents exploitation of this issue.
US-CERT encourages administrators to review Microsoft Security Advisory 2887505 and Knowledge Base article 2887505 and follow best practice security policies to determine which updates should be applied.
On September 17, Microsoft issued an advisory reporting a new zero-day vulnerability in Internet Explorer: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893). The advisory states that the vulnerability may corrupt memory in a way that could allow attackers to execute arbitrary code. The attack works by enticing users to visit, in Internet Explorer, specially crafted websites that exploit the vulnerability. Microsoft also states that, at this time, the vulnerability is known to be exploited in only a limited number of targeted attacks.
While Microsoft has yet to release a patch for this vulnerability, it has provided a temporary "Fix It" tool as a workaround until a security update is made available. To ensure Symantec customers are protected against this Internet Explorer zero-day, the following protection has been put in place:
Intrusion Prevention System
Symantec will continue to investigate this attack to ensure the best possible protection is in place. As always, we recommend that users keep their systems up-to-date with the latest software patches and refrain from opening any suspicious emails. We also advise customers to use the latest Symantec technologies and incorporate the latest Symantec consumer and enterprise solutions to best protect against attacks of this kind.