Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D0DD77B9B9F029015C44E3E70C6A7478
HistorySep 05, 2013 - 12:00 a.m.

Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability

2013-09-0500:00:00
SAINT Corporation
download.saintcorporation.com
14

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.8%

JSON

Added: 09/05/2013
CVE: CVE-2013-3184
BID: 61668
OSVDB: 96182

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A user-after-free vulnerability when handling the **InsertImage** command identifier of **CFlatMarkupPointer** objects in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 13-059.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-195/&gt;

Limitations

This exploit was tested against Microsoft Internet Explorer 9 on Windows 7 SP1 (DEP OptIn).

JRE 6 must be installed on Windows 7.

The user must open the exploit file in Microsoft Internet Explorer 9.

Platforms

Windows

Related

symantec 1
checkpoint_advisories 1
nvd 1
zdi 2
saint 3
cve 1
zdt 1
packetstorm 1
prion 1
cvelist 1
attackerkb 1
mskb 1
nessus 1
openvas 2
securityvulns 1
symantec
symantec
Microsoft Internet Explorer CVE-2013-3184 Memory Corruption Vulnerability
2013-08-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3184)
2013-08-13 00:00:00
nvd
nvd
CVE-2013-3184
2013-08-14 11:10:36
zdi
zdi
Microsoft Internet Explorer CreateMarkupPointer2 Use-After-Free Remote Code Execution Vulnerability
2013-08-13 00:00:00
Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free Remote Code Execution Vulnerability
2013-08-13 00:00:00
saint
saint
Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability
2013-09-05 00:00:00
Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability
2013-09-05 00:00:00
Internet Explorer CFlatMarkupPointer Object Handling Use-after-free Vulnerability
2013-09-05 00:00:00
cve
cve
CVE-2013-3184
2013-08-14 11:10:36
zdt
zdt
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
2013-09-04 00:00:00
packetstorm
packetstorm
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
2013-09-04 00:00:00
prion
prion
Memory corruption
2013-08-14 11:10:00
cvelist
cvelist
CVE-2013-3184
2013-08-14 10:00:00
attackerkb
attackerkb
Microsoft Internet Explorer EnsureRecalcNotify Use-After-Free
2013-08-14 00:00:00
mskb
mskb
MS13-059: Cumulative security update for Internet Explorer: August 13, 2013
2013-08-13 00:00:00
nessus
nessus
MS13-059: Cumulative Security Update for Internet Explorer (2862772)
2013-08-14 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2862772)
2013-08-14 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2862772)
2013-08-14 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-09-09 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:D0DD77B9B9F029015C44E3E70C6A7478
symantec1checkpoint_advisories1nvd1zdi2saint3cve1zdt1packetstorm1prion1cvelist1attackerkb1mskb1nessus1openvas2securityvulns1