CVE-2013-1347

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://technet.microsoft.com/security/advisory/2847140	Mitigation Patch Vendor Advisory
http://www.exploit-db.com/exploits/25294	Exploit VDB Entry
http://www.us-cert.gov/ncas/alerts/TA13-134A	Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:professional:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:sp2:professional:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*

Information

Published : 2013-05-05 04:07

Updated : 2020-09-28 05:58

NVD link : CVE-2013-1347

Mitre link : CVE-2013-1347

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

microsoft

windows_7
windows_vista
windows_xp
windows_server_2008
internet_explorer
windows_server_2003

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://technet.microsoft.com/security/advisory/2847140", "name": "http://technet.microsoft.com/security/advisory/2847140", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.exploit-db.com/exploits/25294", "name": "25294", "tags": ["Exploit", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A", "name": "TA13-134A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727", "name": "oval:org.mitre.oval:def:16727", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038", "name": "MS13-038", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1347", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-05-05T11:07Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:sp2:professional:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-09-28T12:58Z"}