What has received a little less attention is that a patch for another IE zero-day actively exploited in the wild has been released simultaneously: CVE-2013-3897.
"The vulnerability is caused by a 'use-after-free' error when processing 'CDisplayPointer' objects within mshtml.dll and generically triggered by the 'onpropertychange' event handler; the vulnerability could be exploited remotely by attackers to compromise a system via a malicious web page," Elad Sharf, Senior Security Researcher at Websense, explained in a blog post.
The flaw is being exploited in a series of highly targeted, low-volume attacks in Korea, Hong Kong, and the US, aimed at companies in the finance, engineering and construction, manufacturing and government sectors.
The attack lure pages are located in a network range assigned to the Republic of Korea, and present a consistent URL structure (x.x.x.x/mii/guy2.html). It's also interesting to note that there are other pages - with the same structure - that serve an exploit for an older IE flaw (CVE-2012-4792), which was patched a while back.
And while the exploit for the CVE-2013-3897 bug is triggered only for visitors running IE 8 on Windows XP 32-bit with the language set to Japanese or Korean, the CVE-2012-4792 exploit doesn't make any distinctions and targets all visitors.
"Cybercriminals continue to innovate; they find zero-day vulnerabilities and utilize them in low volume targeted attacks, and in parallel they also employ older well-known exploits," says Sharf. "This is indicative of them having conducted thorough reconnaissance in order to deliver payloads that they believe are likely to succeed."
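The lure URL structure and the visitor profile described above can be turned into a proxy-log hunt. The following is an added example, not code from Websense or from the original article. It assumes a tab-separated log of client, URL, Accept-Language and User-Agent, treats any .html page under /mii/ on an IP-literal host as "the same structure", and uses Accept-Language as a stand-in for the Windows language setting. All sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log: client <TAB> URL <TAB> Accept-Language <TAB> User-Agent
SAMPLE_LOG = (
    "10.0.0.5\thttp://192.0.2.10/mii/guy2.html\tko-KR\t"
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\n"
    "10.0.0.6\thttp://192.0.2.10/mii/guy2.html\ten-US\t"
    "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0\n"
    "10.0.0.7\thttp://example.com/mii/guy2.html\tja\t"
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)\n"
    "10.0.0.8\thttp://198.51.100.7/news/index.html\tko\t"
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)\n"
)

# Assumption: "same structure" means <IP literal>/mii/<page>.html
LURE_PATH = re.compile(r"^/mii/[^/]+\.html$", re.IGNORECASE)

def is_lure_url(url):
    """True when the host is a bare IP address and the path fits the lure layout."""
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False
    return bool(LURE_PATH.match(parts.path))

def in_3897_profile(user_agent, accept_language):
    """IE 8 on 32-bit Windows XP (NT 5.1) with a Japanese or Korean language tag."""
    ie8_xp32 = "MSIE 8.0" in user_agent and "Windows NT 5.1" in user_agent
    return ie8_xp32 and accept_language.strip().lower().startswith(("ja", "ko"))

def hunt(log_text):
    """Return (client, url, priority) for every request that hit a lure-shaped URL."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed lines
        client, url, lang, ua = fields
        if is_lure_url(url):
            # Pages of this shape also served CVE-2012-4792 to all visitors,
            # so hits outside the CVE-2013-3897 profile still need review.
            priority = "high" if in_3897_profile(ua, lang) else "review"
            hits.append((client, url, priority))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(*hit, sep="\t")
```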