CVE-2013-3152

Microsoft Internet Explorer 10 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3152.

AI-analyzed exploit summary This is a functional Metasploit exploit for CVE-2013-3152, targeting a use-after-free vulnerability in Internet Explorer 8. It leverages a malformed table structure to trigger memory corruption and achieve remote code execution via ROP chains tailored for Windows XP SP3 and Windows 7.

Description

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.

Exploits (1)

exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/28187

This is a functional Metasploit exploit for CVE-2013-3152, targeting a use-after-free vulnerability in Internet Explorer 8. It leverages a malformed table structure to trigger memory corruption and achieve remote code execution via ROP chains tailored for Windows XP SP3 and Windows 7.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 8
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-190A
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975

Scores

EPSS 0.1537
EPSS Percentile 94.8%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/internet_explorer 10
Published Jul 10, 2013
Tracked Since Feb 18, 2026