CVE-2013-0022 — Use After Free in Microsoft Internet Explorer

CWE-399 CWE-416 — Use After Free CWE-121 — Stack-based Buffer Overflow5 documents4 sources

Severity

9.0CRITICALNVD

EPSS

31.0%

top 3.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedFeb 13

Latest updateMay 5

Description

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer9

🔴Vulnerability Details

GHSA

GHSA-7qv4-9j3v-5hf5: Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers a↗2022-05-05

▶

📋Vendor Advisories

Red Hat

glibc: stack overflow in getaddrinfo()'s use of alloca()↗2011-04-13

▶

Red Hat

glibc: stack overflow in getaddrinfo()'s use of alloca()↗2011-04-13

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 02-12-2013↗

▶