Lucene search

[email protected]NVD:CVE-2013-3897

HistoryOct 09, 2013 - 2:54 p.m.

CVE-2013-3897

2013-10-0914:54:25

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.967

Percentile

99.7%

JSON

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka “Internet Explorer Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_server_2003Match-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_server_2003Match-sp2

microsoftwindows_server_2008Match-sp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

Node

microsoftinternet_explorerMatch8

AND

microsoftwindows_7Match-sp1

microsoftwindows_server_2003Match-sp2

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_7Match-sp1

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_vistaMatch-sp2

Node

microsoftinternet_explorerMatch10

AND

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

Node

microsoftinternet_explorerMatch11-

AND

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Matchr2

References

blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx

www.us-cert.gov/ncas/alerts/TA13-288A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18989

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.967

Percentile

99.7%

JSON

Related for NVD:CVE-2013-3897

saint4 checkpoint_advisories1 cisa_kev1 cvelist1 cve1 zdt1 canvas1 prion1 symantec1 packetstorm1 threatpost1 attackerkb1 nessus1 securityvulns1 openvas1