CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 12, 2013
- Published Date
- May 05, 2013
- Last Updated
- February 04, 2025
- Vendor
- Microsoft
- Product
- Internet Explorer 8
- Description
- Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-03 00:00:00 UTC) Source
cisa
metasploit_scanner
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.exploit-db.com/exploits/25294
http://www.us-cert.gov/ncas/alerts/TA13-134A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727
http://technet.microsoft.com/security/advisory/2847140
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb | 2025-04-29 11:01:31 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ie_cgenericelement_uaf
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-1347
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit