CVE-2013-3120

Microsoft Internet Explorer 10 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3120. PoCs published by Skylined.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Microsoft Internet Explorer 10 by manipulating the document.designMode and document.execCommand APIs to trigger stale pointer usage in CEditAdorner::Detach, potentially leading to arbitrary code execution.

Description

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/40844

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in Microsoft Internet Explorer 10 by manipulating the document.designMode and document.execCommand APIs to trigger stale pointer usage in CEditAdorner::Detach, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 10

No auth needed

Prerequisites: Target must visit a malicious webpage · JavaScript must be enabled in the target's browser

MITRE ATT&CK