CVE-2013-3146

Microsoft Internet Explorer 10 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3146.

AI-analyzed exploit summary This is a functional Metasploit exploit for CVE-2013-3146, targeting a use-after-free vulnerability in Microsoft Internet Explorer 8. It leverages a crafted HTML page with JavaScript to trigger the vulnerability, leading to arbitrary code execution via ROP chains tailored for different Windows versions.

Description

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.

Exploits (1)

exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/28187

This is a functional Metasploit exploit for CVE-2013-3146, targeting a use-after-free vulnerability in Microsoft Internet Explorer 8. It leverages a crafted HTML page with JavaScript to trigger the vulnerability, leading to arbitrary code execution via ROP chains tailored for different Windows versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 8
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16815
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-190A

Scores

EPSS 0.1537
EPSS Percentile 94.8%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/internet_explorer 10
Published Jul 10, 2013
Tracked Since Feb 18, 2026