9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.961 High
EPSS
Percentile
99.5%
Added: 06/17/2013
CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.
Apply the patch detailed in Microsoft Security Bulletin MS13-037.
<http://technet.microsoft.com/en-us/security/bulletin/MS13-037>
<http://secunia.com/advisories/53327/>
This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.
Windows XP