Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0025Microsoft Internet Explorer vulnerability

CWE-39912 documents8 sources
Severity
9.3CRITICALNVD
EPSS
86.1%
top 0.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedFeb 13
Latest updateMay 5

Description

Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-xpw4-69mf-fh5j: Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers a2022-05-05

💥Exploits & PoCs

4
Exploit-DB
TP-Link TL-WR1043N Router - Cross-Site Request Forgery2013-04-24
Exploit-DB
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)2013-02-23
Exploit-DB
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)2013-02-14
Metasploit
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free

🕵️Threat Intelligence

2
Recorded Future
Tracking Moving Targets: Exploit Kits and CVEs
Zscaler
Zscaler found Multiple Security Vulnerabilities | 02-12-2013

📄Research Papers

2
arXiv
SOK: On the Analysis of Web Browser Security2021-12-31
arXiv
Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption2018-08-08

💬Community

1
Bugzilla
CVE-2013-6443 CFME: GET request CSRF vulnerability2013-12-17
CVE-2013-0025 — Microsoft vulnerability | cvebase