cbcvebase.
CVE-2013-0019
published 2013-02-13

CVE-2013-0019: Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers…

PriorityP263critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
34.92%
98.2th percentile
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."

Affected

4 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit triggers a use-after-free via window.open() to a crafted XML resource followed by a timed navigation to 'about:blank', causing access to a deleted COmWindowProxy object
  • Vulnerability class is use-after-free in COmWindowProxy; monitor for IE processes accessing freed memory after navigating a named iframe to about:blank shortly after opening an XML resource
  • Affected versions are Internet Explorer 7 through 10; detections should target iexplore.exe on those versions processing crafted web content
  • ·The exploit was discovered via fuzzing and the original detailed analysis was not preserved; only a repro and high-level advisory details are available
  • ·The setTimeout delay of 1000ms is specific to the proof-of-concept repro; real-world exploits may use different timing to trigger the race condition
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.