CVE-2013-1347

HIGH KEV

Microsoft Internet Explorer - Use After Free

Title source: rule

Description

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/25294

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Unknown, EMH, juan vazquez, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb

View Code ZIP pw:eip

References (6)

[Mitigation, Patch, Vendor Advisory] http://technet.microsoft.com/security/advisory/2847140

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/25294

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/ncas/alerts/TA13-134A

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347

Scores

CVSS v3 8.8

EPSS 0.8692

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-03

VulnCheck KEV 2013-05-05

InTheWild.io 2020-09-28

ENISA EUVD EUVD-2013-1387

Classification

CWE

CWE-416

Status draft

Affected Products (1)

microsoft/internet_explorer

Timeline

Published May 05, 2013

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026