PT-2013-4723 · Microsoft · Internet Explorer

Yoshihiro Ishikawa · Published 2013-09-18 · Updated 2025-08-13 · CVE-2013-3893

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 6 through 11

Description

A use-after-free issue in the SetMouseCapture implementation in mshtml.dll allows remote attackers to execute arbitrary code via crafted JavaScript strings. This could corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. There have been real-world incidents where this issue was exploited, including attacks by the APT17 group targeting national companies and government institutions with the 9002 RAT malware. The attacks involved phishing lures that tricked recipients into downloading a malicious Skype for Business installer, which then executed a Java archive file to launch the 9002 RAT. The 9002 RAT has features such as network traffic monitoring, screenshot creation, file scanning, process management, and executing additional commands received from the command and control server.

Recommendations

For Microsoft Internet Explorer versions 6 through 11, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling JavaScript execution in Internet Explorer until a patch is available. Restrict access to suspicious links and attachments to minimize the risk of exploitation. Avoid using links from untrusted sources, especially those that prompt for the installation of software.

Exploit · Fix · RCE · Use After Free

Weakness Enumeration

Related Identifiers

CVE-2013-3893

Affected Products

Internet Explorer
Skype For Business