Video Screencast Help

CVE-2013-3918

Created: 12 Nov 2013 • Updated: 12 Nov 2013 | 2 comments
This issue has been solved. See solution.

Hello Folks and good day,

Does Symantec have protection available for CVE-2013-3918, which was just published yesterday by Microsoft and disclosed on Novemeber 8th?

Thanks in advance,
Danni

Operating Systems:

Comments 2 CommentsJump to latest comment

_Brian's picture

Yes, they do. Please see relevant info here:

https://www-secure.symantec.com/connect/blogs/new-...

Antivirus:
Bloodhound.Exploit.519

Intrusion Prevention System (IPS):
Web Attack: Internet Explorer CVE-2013-3918

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Mick2009's picture

You may be interested in this post from Security Response:

 

Microsoft Patch Tuesday – November 2013
https://www-secure.symantec.com/connect/blogs/microsoft-patch-tuesday-november-2013

 

One of the new patches:

MS13-090 Cumulative Security Update of ActiveX Kill Bits (2900986)

InformationCardSigninHelper Vulnerability (CVE-2013-3918) MS Rating: Critical

A remote code execution vulnerability exists in the the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

 

With thanks and best regards,

Mick