CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 10/03/2013
CVE: CVE-2013-3205
BID: 62208
OSVDB: 97094
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Microsoft Internet Explorer contains a use-after-free error that is triggered when handling a **CCaret**
object. The vulnerability exists in the **UpdateScreenCaret()**
function in **mshtml.dll**
. An attacker who convinces a user to open a specially crafted page in the vulnerable version of Internet Explorer could execute arbitrary code in the context of the user.
Apply the KB2870699 update for Internet Explorer.
<http://www.zerodayinitiative.com/advisories/ZDI-13-217/>
The user must open the exploit in Internet Explorer 8.
JRE 6 must be installed on Windows 7.
Windows