9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.965 High
EPSS
Percentile
99.5%
Added: 10/09/2013
CVE: CVE-2013-3163
BID: 60975
OSVDB: 94981
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Microsoft Internet Explorer contains a use-after-free error which can lead to memory corruption in such a way as to allow remote code execution in the context of the current user.
Apply the KB2846071 update for Internet Explorer.
<http://blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx>
<http://technet.microsoft.com/security/bulletin/MS13-055>
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
JRE 6 must be installed on Windows 7.
The user must open the exploit in Internet Explorer 8.
Windows