Microsoft has released an Internet Explorer "Fix it" to temporarily address a vulnerability that exists in all supported versions of its Web browser.
The IE Fix it, CVE-2013-3893 MSHTML Shim Workaround,
In a blog post, Microsoft Security Response Center Engineer Neil Sikka explained that attackers are targeting a use-after-free vulnerability in the HTML rendering engine of IE. He noted that the attacks take advantage of a Microsoft Office DLL that was not compiled with Address Space Layout Randomization (ASLR) enabled.
Attackers can target this vulnerability via malicious webpages and possibly advertisements, but attackers still need to direct users to the malicious content via a Web link, email or IM. Attackers can potentially gain user rights via a successful exploit, though those rights could be limited based on the account settings of the current user.
Beyond applying the temporary fix, the company also advised that version 4.0 of its Enhanced Mitigation Experience Toolkit could help protect against the active exploits it has analyzed.