Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:530FA87FA097C35D9629E058CE3C1589
HistoryMay 08, 2013 - 12:00 a.m.

Internet Explorer CGenericElement Object Use-after-free Vulnerability

2013-05-0800:00:00
SAINT Corporation
download.saintcorporation.com
26

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 05/08/2013
CVE: CVE-2013-1347
BID: 59641
OSVDB: 92993

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This use-after-free vulnerability is triggered when handling CGenericElement objects.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 13-028.

References

<http://technet.microsoft.com/en-us/security/advisory/2847140&gt;
<https://technet.microsoft.com/en-us/security/bulletin/ms13-028&gt;

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

Successful exploit on Windows 7 requires that JRE 6 be installed.

Platforms

Windows

Related

threatpost 6
symantec 5
cert 1
nvd 1
seebug 2
checkpoint_advisories 2
openvas 2
saint 3
nessus 2
packetstorm 1
zdt 1
cve 1
attackerkb 2
cvelist 1
cisa_kev 1
prion 1
securityvulns 1
threatpost
threatpost
USAID a Target of DoL Watering Hole Attackers
2013-05-13 10:52:56
Microsoft Patches IE Zero Day Used In Watering Hole Attack
2013-05-14 16:14:18
Microsoft Fix It a Temporary Patch for IE 8 Zero Day Flaw
2013-05-09 12:04:34
symantec
symantec
Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
2013-05-03 00:00:00
Adobe Acrobat and Reader CVE-2010-0188 Remote Code Execution Vulnerability
2010-02-11 00:00:00
Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability
2013-02-28 00:00:00
cert
cert
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
2013-05-06 00:00:00
nvd
nvd
CVE-2013-1347
2013-05-05 11:07:00
seebug
seebug
Microsoft Internet Explorer ι‡Šζ”ΎεŽι‡η”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)(MS13-038)
2013-05-17 00:00:00
Microsoft IE 8θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)
2013-05-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)
2013-05-05 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
MS Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
saint
saint
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
nessus
nessus
MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)
2013-05-09 00:00:00
MS13-038: Security Update for Internet Explorer (2847204)
2013-05-15 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
zdt
zdt
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
cve
cve
CVE-2013-1347
2013-05-05 11:07:00
attackerkb
attackerkb
Microsoft Internet Explorer CGenericElement Use-After-Free
2013-05-05 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
cvelist
cvelist
CVE-2013-1347
2013-05-05 10:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Remote Code Execution Vulnerability
2022-03-03 00:00:00
prion
prion
Code injection
2013-05-05 11:07:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:530FA87FA097C35D9629E058CE3C1589
threatpost6symantec5cert1nvd1seebug2checkpoint_advisories2openvas2saint3nessus2packetstorm1zdt1cve1attackerkb2cvelist1cisa_kev1prion1securityvulns1