CERT-In Vulnerability Note
CIVN-2013-0199
Microsoft Windows InformationCardSigninHelper Class ActiveX Control Code Execution Vulnerability
Original Issue Date:November 13, 2013
Severity Rating: HIGH
Systems Affected
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2(32 & 64 bit)
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2(32 & 64 bit)
- Windows Server 2008 SP2(32 & 64 bit)Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for SP1( 32 & 64 bit)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
- Windows 8 & 8.1(32 & 64 bit)
- Windows Server 2012 & R@
- Windows RT & RT 8.1
Component Affected
- Internet Explorer 7,8,9,10
Overview
A remote code execution vulnerability has been reported in Microsoft Windows InformationCardSigninHelper Class ActiveX Control which could allow a remote attacker to execute arbitrary code on the targeted system with the privileges of logged in user.
Description
The vulnerability exists in Microsoft windows InformationCardSigninHelper Class ActiveX Control(icardie.dll) due to improper handling of ActiveX control instantiation by the affected software. An unauthenticated remote attacker could exploit this vulnerability by convincing a user to visit a specially crafted web page using Internet Explorer.
Successful exploitation of this vulnerability could allow the remote attacker to execute arbitrary code with the privileges of the logged in user on the targeted system.
Note: Exploitation of this vulnerability has been reported in the wild in limited targeted attacks.
Workaround
- Prevent binary behaviors from being used in Internet Explorer by setting the kill bit behavior in the registry.
- Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and local intranet security zones.
- Deploy the
Enhanced Mitigation Experience Toolkit
Note: For detailed steps and impact of applying these workarounds refer to Microsoft Security bulletin
MS13-090
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin
MS13-090
Vendor Information
Microsoft
https://technet.microsoft.com/en-us/security/bulletin/ms13-090
References
Microsoft
https://technet.microsoft.com/en-us/security/bulletin/ms13-090
http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx
Secunia
http://secunia.com/advisories/55611
Xforce
http://www.iss.net/threats/480.html
Cisco
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=3080&signatureSubId=0
FIREEYE
http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html
Security Focus
http://www.securityfocus.com/bid/63631
CVE Name
CVE-2013-3918
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|