Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0090Microsoft Internet Explorer vulnerability

CWE-3994 documents4 sources
Severity
8.8HIGHNVD
EPSS
18.8%
top 4.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 13
Latest updateMay 5

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-8mwh-r4r7-636g: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that2022-05-05

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 9 - IEFRAME CView::Ensure­Size Use-After-Free (MS13-021)2016-12-16

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-12-2013
CVE-2013-0090 — Microsoft vulnerability | cvebase