FYI...IE 0-Day vuln exploiting msvcrt.dll
Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "... Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leave very little artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."
7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."
Last Update: 2013-11-13
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
Software: Microsoft Internet Explorer 10.x, 9.x, 8.x, 7.x
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3918
- 9.3 (HIGH)
... vulnerability is caused due to an error within an ActiveX control...
Solution: Apply update...
Nov 12, 2013