Skip to main content
MSRC

MS13-090

Technical details of the targeted attack using IE vulnerability CVE-2013-3918

Tuesday, November 12, 2013

Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday release and to clarify some details about the second vulnerability reported.