CVE-2013-5045

Microsoft Internet Explorer 10-11 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-5045. PoCs published by Metasploit, James Forshaw, juan vazquez, including Metasploit module exploits/windows/local/ms13_097_ie_registry_symlink.

AI-analyzed exploit summary This Metasploit module exploits CVE-2013-5045, a registry symlink vulnerability in Internet Explorer's Enhanced Protected Mode, allowing sandbox escape and execution of code with Medium Integrity. It leverages the IESetProtectedModeRegKeyOnly function in ieframe.dll to manipulate registry keys and bypass sandbox restrictions.

Description

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/33893

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-5045, a registry symlink vulnerability in Internet Explorer's Enhanced Protected Mode, allowing sandbox escape and execution of code with Medium Integrity. It leverages the IESetProtectedModeRegKeyOnly function in ieframe.dll to manipulate registry keys and bypass sandbox restrictions.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 8-11

No auth needed

Prerequisites: Running inside an Internet Explorer process · Low Integrity context

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC GREAT

by James Forshaw, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-5045, a vulnerability in Internet Explorer's Enhanced Protected Mode, by abusing the IESetProtectedModeRegKeyOnly function to escape the sandbox and execute code with Medium Integrity. It leverages registry symlinks to bypass security restrictions and achieve local privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 8-11

No auth needed

Prerequisites: Meterpreter session with Low Integrity · Internet Explorer process running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1134 - Access Token Manipulation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/33893

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/100757

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097

Exploit, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html

Scores

EPSS 0.1739

EPSS Percentile 96.7%

Details

CWE

CWE-20

Status published

Products (2)

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Dec 11, 2013

Tracked Since Feb 18, 2026