CVE-2013-2551
HIGH KEV RANSOMWAREMicrosoft Internet Explorer <10 - RCE
Title source: llmDescription
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/26175
metasploit
WORKING POC
NORMAL
by Nicolas Joly, 4B5F5F4B, juan vazquez, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
References (7)
Scores
CVSS v3
8.8
EPSS
0.9127
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-03-28
VulnCheck KEV
2015-02-23
InTheWild.io
2022-03-28
ENISA EUVD
EUVD-2013-2493
Ransomware Use
Confirmed
CWE
CWE-416
Status
published
Products (5)
microsoft/internet_explorer
6
microsoft/internet_explorer
7
microsoft/internet_explorer
8
microsoft/internet_explorer
9
microsoft/internet_explorer
10
Published
Mar 11, 2013
KEV Added
Mar 28, 2022
Tracked Since
Feb 18, 2026