CVE-2013-4015

Microsoft Internet Explorer - Access Control

Title source: rule

Description

Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/28187

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85762

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055

Scores

EPSS 0.0442

EPSS Percentile 89.1%

Details

CWE

CWE-264

Status published

Products (5)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

microsoft/internet_explorer 8

microsoft/internet_explorer 9

microsoft/internet_explorer 10

Published Jul 26, 2013

Tracked Since Feb 18, 2026