Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3EF0C66878E70BB3C355385365B1DFBF
HistoryMay 08, 2013 - 12:00 a.m.

Internet Explorer CGenericElement Object Use-after-free Vulnerability

2013-05-0800:00:00
SAINT Corporation
www.saintcorporation.com
21

EPSS

0.974

Percentile

99.9%

JSON

Added: 05/08/2013
CVE: CVE-2013-1347
BID: 59641
OSVDB: 92993

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This use-after-free vulnerability is triggered when handling CGenericElement objects.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 13-028.

References

<http://technet.microsoft.com/en-us/security/advisory/2847140&gt;
<https://technet.microsoft.com/en-us/security/bulletin/ms13-028&gt;

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

Successful exploit on Windows 7 requires that JRE 6 be installed.

Platforms

Windows

Related

symantec 5
saint 3
threatpost 6
seebug 2
zdt 1
attackerkb 2
nessus 2
packetstorm 1
cvelist 1
cve 1
checkpoint_advisories 2
openvas 2
metasploit 1
nvd 1
cert 1
prion 1
cisa_kev 1
exploitdb 1
securityvulns 1
symantec
symantec
Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
2013-05-03 00:00:00
Oracle Java Runtime Environment CVE-2013-2423 Security Bypass Vulnerability
2013-04-16 00:00:00
Adobe Acrobat and Reader CVE-2010-0188 Remote Code Execution Vulnerability
2010-02-11 00:00:00
saint
saint
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
Internet Explorer CGenericElement Object Use-after-free Vulnerability
2013-05-08 00:00:00
threatpost
threatpost
USAID a Target of DoL Watering Hole Attackers
2013-05-13 10:52:56
Microsoft Patches IE Zero Day Used In Watering Hole Attack
2013-05-14 16:14:18
Microsoft Fix It a Temporary Patch for IE 8 Zero Day Flaw
2013-05-09 12:04:34
seebug
seebug
Microsoft IE 8θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)
2013-05-07 00:00:00
Microsoft Internet Explorer ι‡Šζ”ΎεŽι‡η”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1347)(MS13-038)
2013-05-17 00:00:00
zdt
zdt
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
attackerkb
attackerkb
Microsoft Internet Explorer CGenericElement Use-After-Free
2013-05-05 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
nessus
nessus
MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)
2013-05-09 00:00:00
MS13-038: Security Update for Internet Explorer (2847204)
2013-05-15 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer CGenericElement Object Use-After-Free
2013-05-07 00:00:00
cvelist
cvelist
CVE-2013-1347
2013-05-05 10:00:00
cve
cve
CVE-2013-1347
2013-05-05 11:07:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)
2013-05-05 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
MS Internet Explorer Remote Code Execution Vulnerability (2847140)
2013-05-06 00:00:00
metasploit
metasploit
MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
2013-05-05 17:04:17
nvd
nvd
CVE-2013-1347
2013-05-05 11:07:00
cert
cert
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
2013-05-06 00:00:00
prion
prion
Code injection
2013-05-05 11:07:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Remote Code Execution Vulnerability
2022-03-03 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - CGenericElement Object Use-After-Free (Metasploit)
2013-05-07 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00

EPSS

0.974

Percentile

99.9%

JSON
Related for SAINT:3EF0C66878E70BB3C355385365B1DFBF
symantec5saint3threatpost6seebug2zdt1attackerkb2nessus2packetstorm1cvelist1cve1checkpoint_advisories2openvas2metasploit1nvd1cert1prion1cisa_kev1exploitdb1securityvulns1