CVE-2013-1347

HIGH KEV

Microsoft Internet Explorer 8 - Remote Code Execution via Use-After-Free

Exploitation Summary

CVE-2013-1347 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 2 public exploits, credited to Metasploit, Unknown, EMH, juan vazquez and sinn3r, including the Metasploit module exploits/windows/browser/ie_cgenericelement_uaf.

AI-analyzed exploit summary: This is a Metasploit module exploiting a use-after-free vulnerability in Microsoft Internet Explorer 8 (CVE-2013-1347). It achieves remote code execution by manipulating a CGenericElement object and leveraging ROP chains for different Windows versions.

Description

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/25294

This is a Metasploit module exploiting a use-after-free vulnerability in Microsoft Internet Explorer 8 (CVE-2013-1347). It achieves remote code execution by manipulating a CGenericElement object and leveraging ROP chains for different Windows versions.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Internet Explorer 8 on Windows XP SP3, Vista, Server 2003, and 7
No auth needed
Prerequisites: Target must be using Internet Explorer 8 on a vulnerable Windows version · Target must visit a malicious webpage or be redirected to one
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by Unknown, EMH, juan vazquez, sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer (CVE-2013-1347) by manipulating a CGenericElement object, leading to arbitrary code execution. It includes ROP chains for various Windows versions and leverages JavaScript obfuscation to trigger the vulnerability.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Internet Explorer 8
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 8
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/25294
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-134A
Mitigation, Patch, Vendor Advisory x_refsource_confirm
http://technet.microsoft.com/security/advisory/2847140
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038

Scores

CVSS v3 8.8
EPSS 0.8771
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2013-05-05
InTheWild.io 2020-09-28
ENISA EUVD EUVD-2013-1387
CWE CWE-416
Status published
Products (1)
microsoft/internet_explorer 8
Published May 05, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026