Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: *Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893

Metasploit has just released a module to exploit the currently unpatched CVE-2013-3893 vulnerability in Internet Explorer.  This vulnerability can be used for remote code execution if you can get a user to go to a specifically crafted webpage.  Microsoft has released a FixIt that should be deployed for this vulnerability for 32-bit versions of IE.  EMET is also available as a mitigating control.

With a metasploit module out there, we can now expect commodity exploitation out there available to the low-rent script kiddie community.

See our previous handlers diary on the subject by Russ McRee here.

John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting


262 Posts
ISC Handler
Oct 1st 2013

Sign Up for Free or Log In to start participating in the conversation!