CVE-2013-1347
CVE-2013-1347
In short
Internet Explorer 8 has a memory handling flaw that lets attackers run malicious code on your computer by tricking the browser into using objects that were improperly created or removed from memory. This vulnerability was actively exploited by criminals in May 2013.
Technical detail
Use-after-free vulnerability (CWE-416) in IE8's object memory management allows remote code execution when attackers craft malicious web content that causes the browser to reference freed or unallocated memory objects. Exploitation requires user interaction (visiting a malicious webpage) and results in arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/25294unverifiedexploitdbwww.exploit-db.com/exploits/25294unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347http://technet.microsoft.com/security/advisory/2847140http://www.exploit-db.com/exploits/25294http://www.us-cert.gov/ncas/alerts/TA13-134A