*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
Metasploit has just released a module to exploit the currently unpatched CVE-2013-3893 vulnerability in Internet Explorer. This vulnerability can be used for remote code execution if you can get a user to go to a specifically crafted webpage. Microsoft has released a FixIt that should be deployed for this vulnerability for 32-bit versions of IE. EMET is also available as a mitigating control.
With a metasploit module out there, we can now expect commodity exploitation out there available to the low-rent script kiddie community.
See our previous handlers diary on the subject by Russ McRee here.
UPDATED 2000 UTC by John Bambenek: Threatpost has three different attacks using the IE vulnerability which will widen the field of tools used.
--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
Comments