A little over a week ago the VRT discovered a very interesting bit of javascript on a popular JS unpacker site. Several things immediately piqued our interest in this sample. The VRT maintains a working exploit for this vulnerability which leverages a ROP chain from hxds.dll (MS Help Data Services Module) which is installed with Microsoft Office. Even before a MS advisory appeared for this use-after-free vulnerability, VRT released coverage in the form of a TRUFFLE rule.”]
Source: https://blog.talosintelligence.com/2013/10/ie-zero-day-cve-2013-3897-youve-been.html