FYI...
CVE-2013-3918 Exploit...
- http://www.threattracksecurity.com/i...-3918-exploit/
Nov 22, 2013 - "... If you haven’t updated your OS yet, -now- is the time to do it... We were able to retrieve a piece of the exploit malware... Here is a malformed HTML website I used to test the exploit on.
> http://www.threattracksecurity.com/i...4CACC6ED89.jpg
As you can see, there’s nothing special about it. All one can see is a white page with the text “Hello man” on it. What users don’t know is that infiltration and code execution happens in the background. They don’t see anything happening until it’s already too late..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3918 - 9.3 (HIGH)
Last revised: 11/15/2013 - "... as exploited in the wild in November 2013, aka 'InformationCardSigninHelper' Vulnerability."
Microsoft Security Bulletin MS13-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2900986)
- http://technet.microsoft.com/security/bulletin/MS13-090
___
- http://blog.trendmicro.com/trendlabs...light-exploit/
Nov 25, 2013 - "... independent security researchers found that the Angler Exploit Kit had added Silverlight to their list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, a second vulnerability, CVE-2013-3896, in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively..."