9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Added: 02/28/2013
CVE: CVE-2013-0025
BID: 57830
OSVDB: 90122
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code in the context of the logged-in user when the user loads a specially crafted web page. The vulnerability is due to a use after free error when handling the **CParaElement**
node of the **SLayoutRun**
class.
Apply the updates identified in MS Bulletin MS13-009.
<http://secunia.com/advisories/52122/>
This exploit was tested against Internet Explorer 8 on Microsoft Windows XP SP3 English with DEP OptIn.
The user must open the exploit in Internet Explorer 8.
Windows