Zero-Day Vulnerability Exploited in the Wild – Successfully Prevented by Cyvera TRAPS

By Nofar Gueta | May 8, 2013

Earlier this month (May 3rd), Microsoft published an advisory concerning a previously unknown vulnerability in Internet Explorer 8. This vulnerability allows remote code execution in the context of the current user: an attacker who exploits it successfully gains the rights of the current user, whether a local user or an administrator.

The vulnerability (CVE-2013-1347) affects only version 8 of Internet Explorer, but Microsoft has said that it is aware of attacks attempting to exploit it. Exploitation depends on the attacker's ability to direct the victim to an infected website. The common way to do this is to lure the victim into clicking a link sent to him, whether by e-mail, in an attachment or in an IM message.

At the moment, there is no fix available for this vulnerability. Microsoft announced that it would provide a suitable solution based on an investigation currently underway. It is not yet known whether the fix will be released as part of the company’s periodic updates or as an out-of-band update.

This advisory came soon after a watering-hole attack on the Department of Labor (DoL) was reported. Shortly after the advisory's publication, it was reported that the vulnerability had also been used as part of another attack, targeting nuclear information research. This time the Dept. of Energy Site Exposure Matrices (SEM) website was used as the “watering hole”.

Tests performed by Cyvera Labs concluded that exploitation of the aforementioned vulnerabilities is successfully prevented by Cyvera TRAPS.