Product Coverage and Mitigation for CVE-2013-3893

Microsoft Security Advisory (2887505)

On September 17th, 2013, Microsoft published Security Advisory 2887505, which coverers a remote code execution vulnerability in all supported versions of Microsoft Internet Explorer.   The flaw resides in the handling of objects in memory which have been deleted or improperly allocated.  Specifically, a use-after-free flaw in the HTML rendering engine (aka mshtml.dll) can be used to invoke the vulnerable state.

This flaw is currently being exploited in limited and targeted attacks.  Functional exploitation and malware artifacts have been identified in the wild.



Remediation / Mitigation


McAfee Labs

The following McAfee products / content provide coverage

  • McAfee Vulnerability Manager
    • McAfee MVM / FSL Content Release of 9/18/2013
  • McAfee Antivirus
    • Coverage is provided in the 7204 DATs, released on 9/20/2013
    • Name – Exploit-IE!heur
  • McAfee Network Intrusion Prevention Systems (NIPS)
    • UDS Emergency Release of 9/17/2013
    • UDS signature attack ID 0x4510ef00
    • Name=”UDS-HTTP: Microsoft Internet Explorer onlosecapture Use After Free Vulnerability

As new details emerge, or product coverage is updated, McAfee Labs will keep you posted.