9.3

CVE-2013-3893

Warnung
Exploit
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version11 Updatedeveloper-preview
MicrosoftInternet Explorer Version11 Updaterelease-preview

12.08.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Resource Management Errors Vulnerability

Schwachstelle

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 85.93% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
Exploit
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx
Vendor Advisory
http://jvn.jp/en/jp/JVN27443259/index.html
Third Party Advisory
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
Third Party Advisory
http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html
Exploit
http://pastebin.com/raw.php?i=Hx1L5gu6
Exploit
http://technet.microsoft.com/security/advisory/2887505
Vendor Advisory
http://www.securityfocus.com/bid/62453
Broken Link
http://www.us-cert.gov/ncas/alerts/TA13-288A
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18665
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3893
US Government Resource