Upload

Loading...

DeepGuard 5 vs. IE Zero-Day Exploit CVE-2013-3893

1,926

Loading...

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Oct 8, 2013

A brief video of F-Secure's behavioral technology (DeepGuard 5) protecting a test system from being compromised via Internet Explorer CVE-2013-3893 zero-day exploit.

The IE version in this video is vulnerable, i.e., the system does not have October's updates installed. The exploit on the video has been used in real attacks and is very similar to ones mentioned by FireEye and Dell, right down to the runrun.exe payload encrypted with 0x95 XOR key. The attack is replayed from a webserver on an isolated test network.

The exploit sets and checks a cookie to avoid exploiting the same system twice. Once DeepGuard has blocked the exploit and forced the tab to close, IE will try to reopen the tab. Because the cookie was set, the JavaScript code skips the exploit and simply redirects the user to Naver.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up Next


Sign in to add this to Watch Later

Add to

Loading playlists...