CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 12, 2013
- Published Date
- May 05, 2013
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-03-03 00:00:00 UTC) Source
References
http://www.exploit-db.com/exploits/25294
http://www.us-cert.gov/ncas/alerts/TA13-134A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727
http://technet.microsoft.com/security/advisory/2847140
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb | 2025-04-29 11:01:31 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ie_cgenericelement_uaf
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-1347