Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:6ABFCFAEE10AF8A00C0DCC1520F983B7
HistoryJun 17, 2013 - 12:00 a.m.

Internet Explorer textNode Style Computation Use After Free Vulnerability

2013-06-1700:00:00
SAINT Corporation
www.saintcorporation.com
26

0.961 High

EPSS

Percentile

99.5%

JSON

Added: 06/17/2013
CVE: CVE-2013-1311
BID: 59752
OSVDB: 93296

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer 8 is vulnerable to remote code execution as a result of memory corruption when computations on the Document Object Model (DOM) during the application of a style sheet results in corruption of a DOM textNode pointer. A remote attacker who persuades a user to visit a malicious web page that contains specially crafted JavaScript could execute arbitrary code in the context of the vulnerable user.

Resolution

Apply the patch detailed in Microsoft Security Bulletin MS13-037.

References

<http://technet.microsoft.com/en-us/security/bulletin/MS13-037&gt;
<http://secunia.com/advisories/53327/&gt;

Limitations

This exploit was tested against Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target Windows XP machine.

Platforms

Windows XP

Related

saint 3
checkpoint_advisories 1
packetstorm 1
cve 1
zdt 1
symantec 1
prion 1
cvelist 1
nvd 1
nessus 1
openvas 2
mskb 1
securityvulns 1
saint
saint
Internet Explorer textNode Style Computation Use After Free Vulnerability
2013-06-17 00:00:00
Internet Explorer textNode Style Computation Use After Free Vulnerability
2013-06-17 00:00:00
Internet Explorer textNode Style Computation Use After Free Vulnerability
2013-06-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Deleted Object Use-after-free (MS13-037; CVE-2013-1311)
2013-05-14 00:00:00
packetstorm
packetstorm
MS13-037 Microsoft Internet Explorer textNode Use-After-Free
2013-06-07 00:00:00
cve
cve
CVE-2013-1311
2013-05-15 03:36:34
zdt
zdt
MS13-037 Microsoft Internet Explorer textNode Use-After-Free
2013-06-07 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2013-1311 Use-After-Free Remote Code Execution Vulnerability
2013-05-14 00:00:00
prion
prion
Design/Logic Flaw
2013-05-15 03:36:00
cvelist
cvelist
CVE-2013-1311
2013-05-15 01:00:00
nvd
nvd
CVE-2013-1311
2013-05-15 03:36:34
nessus
nessus
MS13-037: Cumulative Security Update for Internet Explorer (2829530)
2013-05-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
mskb
mskb
MS13-037: Cumulative Security Update for Internet Explorer: May 14, 2013
2013-05-14 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00

0.961 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:6ABFCFAEE10AF8A00C0DCC1520F983B7
saint3checkpoint_advisories1packetstorm1cve1zdt1symantec1prion1cvelist1nvd1nessus1openvas2mskb1securityvulns1