Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:802443C7F94F2B0E856AF61456C5D438
HistoryFeb 28, 2013 - 12:00 a.m.

Internet Explorer SLayoutRun CParaElement Node Use After Free

2013-02-2800:00:00
SAINT Corporation
download.saintcorporation.com
11

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 02/28/2013
CVE: CVE-2013-0025
BID: 57830
OSVDB: 90122

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code in the context of the logged-in user when the user loads a specially crafted web page. The vulnerability is due to a use after free error when handling the **CParaElement** node of the **SLayoutRun** class.

Resolution

Apply the updates identified in MS Bulletin MS13-009.

References

<http://secunia.com/advisories/52122/&gt;

Limitations

This exploit was tested against Internet Explorer 8 on Microsoft Windows XP SP3 English with DEP OptIn.

The user must open the exploit in Internet Explorer 8.

Platforms

Windows

Related

cve 1
saint 3
prion 1
nvd 1
packetstorm 1
checkpoint_advisories 2
cvelist 1
zdt 1
myhack58 1
openvas 2
mskb 1
securityvulns 1
nessus 1
cve
cve
CVE-2013-0025
2013-02-13 12:04:12
saint
saint
Internet Explorer SLayoutRun CParaElement Node Use After Free
2013-02-28 00:00:00
Internet Explorer SLayoutRun CParaElement Node Use After Free
2013-02-28 00:00:00
Internet Explorer SLayoutRun CParaElement Node Use After Free
2013-02-28 00:00:00
prion
prion
Design/Logic Flaw
2013-02-13 12:04:00
nvd
nvd
CVE-2013-0025
2013-02-13 12:04:12
packetstorm
packetstorm
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
2013-02-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer SLayoutRun Use After Free (MS13-009) - High Confidence (CVE-2013-0025)
2013-02-12 00:00:00
Internet Explorer SLayoutRun Use After Free (MS13-009; CVE-2013-0025)
2013-02-12 00:00:00
cvelist
cvelist
CVE-2013-0025
2013-02-13 11:00:00
zdt
zdt
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
2013-02-23 00:00:00
myhack58
myhack58
Windows Exploit development tutorial series--heap spray II-vulnerability warning-the black bar safety net
2017-03-02 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2792100)
2013-02-13 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2792100)
2013-02-13 00:00:00
mskb
mskb
MS13-009: Cumulative Security Update for Internet Explorer: February 12, 2013
2013-02-12 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-02-14 00:00:00
nessus
nessus
MS13-009: Security Update for Internet Explorer (2792100)
2013-02-12 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:802443C7F94F2B0E856AF61456C5D438
cve1saint3prion1nvd1packetstorm1checkpoint_advisories2cvelist1zdt1myhack581openvas2mskb1securityvulns1nessus1