Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2013-1347
HistoryMay 05, 2013 - 11:07 a.m.

CVE-2013-1347

2013-05-0511:07:00
CWE-416
microsoft
web.nvd.nist.gov
943
In Wild
cve-2013-1347
microsoft internet explorer 8
security vulnerability
memory object handling
remote code execution
nvd
exploit

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.974

Percentile

99.9%

JSON

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Affected configurations

Nvd
Node
microsoftinternet_explorerMatch8
AND
microsoftwindows_7Match-sp1
OR
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpMatch-sp2professional
OR
microsoftwindows_xpMatch-sp3
VendorProductVersionCPE
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Related

saint 4
symantec 5
threatpost 6
seebug 2
openvas 2
checkpoint_advisories 2
nessus 2
zdt 1
packetstorm 1
attackerkb 2
cvelist 1
metasploit 1
cert 1
nvd 1
cisa_kev 1
prion 1
exploitdb 1
securityvulns 1
saint
saint
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
2013-05-03 00:00:00
Oracle Java Runtime Environment CVE-2013-2423 Security Bypass Vulnerability
2013-04-16 00:00:00
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
2011-10-18 00:00:00
threatpost
threatpost
USAID a Target of DoL Watering Hole Attackers
2013-05-13 10:52:56
Microsoft Patches IE Zero Day Used In Watering Hole Attack
2013-05-14 16:14:18
Microsoft Fix It a Temporary Patch for IE 8 Zero Day Flaw
2013-05-09 12:04:34
seebug
seebug
Microsoft Internet Explorer ι‡Šζ”ΎεŽι‡η”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)(MS13-038)
2013-05-17 00:00:00
Microsoft IE 8θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)
2013-05-07 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
MS Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)
2013-05-05 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
nessus
nessus
MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)
2013-05-09 00:00:00
MS13-038: Security Update for Internet Explorer (2847204)
2013-05-15 00:00:00
zdt
zdt
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
attackerkb
attackerkb
Microsoft Internet Explorer CGenericElement Use-After-Free
2013-05-05 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
cvelist
cvelist
CVE-2013-1347
2013-05-05 10:00:00
metasploit
metasploit
MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
2013-05-05 17:04:17
cert
cert
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
2013-05-06 00:00:00
nvd
nvd
CVE-2013-1347
2013-05-05 11:07:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Remote Code Execution Vulnerability
2022-03-03 00:00:00
prion
prion
Code injection
2013-05-05 11:07:00
exploitdb
exploitdb
Microsoft Internet Explorer - CGenericElement Object Use-After-Free (Metasploit)
2013-05-07 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.974

Percentile

99.9%

JSON
Related for CVE-2013-1347
saint4symantec5threatpost6seebug2openvas2checkpoint_advisories2nessus2zdt1packetstorm1attackerkb2cvelist1metasploit1cert1nvd1cisa_kev1prion1exploitdb1securityvulns1