CVE-2013-5045

Microsoft Internet Explorer 10-11 - Privilege Escalation

Title source: llm

Description

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/33893

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by James Forshaw, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb

View Code ZIP pw:eip

References (4)

[Exploit, VDB Entry] http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/100757

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/33893

Scores

EPSS 0.2423

EPSS Percentile 96.1%

Details

CWE

CWE-20

Status published

Products (2)

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Dec 11, 2013

Tracked Since Feb 18, 2026