CVE-2013-3846

Microsoft Internet Explorer - Resource Management Error

Title source: rule

Description

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.

Exploits (1)

exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/28187

References (2)

Scores

EPSS 0.6682
EPSS Percentile 98.5%

Classification

CWE
CWE-399
Status draft

Affected Products (2)

microsoft/internet_explorer
microsoft/internet_explorer

Timeline

Published Dec 29, 2013
Tracked Since Feb 18, 2026