Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Explorer 8 0-Day Update (CVE-2013-1347) - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Internet Explorer 8 0-Day Update (CVE-2013-1347)

Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347.

Please let us know if you are running into exploits for this vulnerability.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
May 6th 2013
5 days now since release of the advisory; no "FixIt", no date for a fix, no nothing from M$, XP users (over 1/3 of all users on the Web) hung out to dry. USE ANOTHER BROWSER all the time...

160 Posts
So this is still a targeted exploit as far as I can see, there are at least 3 other versions of IE available to users that aren't vulnerable, lowering user privileges reduce risk, A/V vendors are detecting (probably web filters too). I think there's enough risk mitigation options on this one...

10 Posts
Fixit now available:
Updated with link to fixit page:
Blog on Technet announcing fixit:

24 Posts
Another reason to deploy EMET.

19 Posts
@mbrownnyc but the latest EMET requires the added risk (security & bad patches) of .NET 4.

24 Posts
Link to fix (KB2847204):

24 Posts

Sign Up for Free or Log In to start participating in the conversation!