CVE-2013-3897

HIGH KEV

Internet Explorer 6-11 - Remote Code Execution via CDisplayPointer Use-After-Free

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-3897 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 2 public exploits from researchers including Metasploit, Unknown, sinn3r, including a Metasploit module exploits/windows/browser/ms13_080_cdisplaypointer.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer (CVE-2013-3897) via the CDisplayPointer object, achieving arbitrary code execution through a crafted DOM tree and event handlers.

Description

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/28974

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer (CVE-2013-3897) via the CDisplayPointer object, achieving arbitrary code execution through a crafted DOM tree and event handlers.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8 on Windows XP SP3 or Windows 7
No auth needed
Prerequisites: Target must be using Internet Explorer 8 on Windows XP SP3 or Windows 7 · JavaScript must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Unknown, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer (CVE-2013-3897) via the CDisplayPointer object. It leverages a crafted DOM tree and event handlers to achieve arbitrary code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8 on Windows XP/7
No auth needed
Prerequisites: Victim must visit a malicious webpage · JavaScript must be enabled in the browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-288A
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080

Scores

CVSS v3 8.8
EPSS 0.8821
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2013-10-09
InTheWild.io 2018-10-12
ENISA EUVD EUVD-2013-3829
CWE
CWE-416
Status published
Products (6)
microsoft/internet_explorer 6
microsoft/internet_explorer 7
microsoft/internet_explorer 8
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Oct 09, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026