Vulnerability CVE-2013-1347
Published: 2013-05-05

Description:
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

See advisories in our WLB2 database:
Topic
Author
Date
High
Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
sinn3r
07.05.2013

Type:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Internet explorer 

 References:
http://technet.microsoft.com/security/advisory/2847140
http://www.exploit-db.com/exploits/25294
http://www.us-cert.gov/ncas/alerts/TA13-134A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727
Copyright 2024, cxsecurity.com

 

Back to Top