Upload

Loading icon Loading...

This video is unavailable.

DeepGuard 5 vs. IE Zero-Day Exploit CVE-2013-3893

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like fslabs's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike fslabs's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add fslabs's video to your playlist.

Published on Oct 8, 2013

A brief video of F-Secure's behavioral technology (DeepGuard 5) protecting a test system from being compromised via Internet Explorer CVE-2013-3893 zero-day exploit.

The IE version in this video is vulnerable, i.e., the system does not have October's updates installed. The exploit on the video has been used in real attacks and is very similar to ones mentioned by FireEye and Dell, right down to the runrun.exe payload encrypted with 0x95 XOR key. The attack is replayed from a webserver on an isolated test network.

The exploit sets and checks a cookie to avoid exploiting the same system twice. Once DeepGuard has blocked the exploit and forced the tab to close, IE will try to reopen the tab. Because the cookie was set, the JavaScript code skips the exploit and simply redirects the user to Naver.

Loading icon Loading...

Loading icon Loading...

Loading icon Loading...

Loading icon Loading...

Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Loading icon Loading...

Loading...
Working...
Sign in to add this to Watch Later

Add to