CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 10/10/2013
CVE: CVE-2013-3897
BID: 62811
OSVDB: 98207
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Microsoft Internet Explorer contains a use-after-free error when processing **CDisplayPointer**
objects contained in **mshtml.dll**
. The use-after-free memory corruption can be triggered by the **onpropertychange**
event. A remote attacker who persuades a user to open a specially crafted web page in a vulnerable version of Internet Explorer could execute arbitrary code in the context of the current user.
Apply the KB2879017 update for Internet Explorer.
<http://technet.microsoft.com/en-us/security/bulletin/MS13-080>
<http://vrt-blog.snort.org/2013/10/ie-zero-day-cve-2013-3897-youve-been.html>
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
JRE 6 must be installed on Windows 7.
The user must open the exploit in Internet Explorer 8.
Windows