cbcvebase.
CVE-2013-1309
published 2013-05-15

Priority: P261 | critical | 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 39.11% (98.4th percentile)

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

  • The exploit triggers a use-after-free in MSHTML via CDispNode::InsertSiblingNode, exploitable through a crafted web page using CSS float, zoom, and ::first-letter pseudo-element combinations to corrupt freed objects
  • Exploit page uses CSS properties float:left, zoom:3000%, and border::first-letter with border-top:1px to trigger the use-after-free condition in the MSHTML layout engine
  • Exploit uses window.onload with location.reload() to repeatedly trigger the vulnerable code path and achieve reliable use-after-free exploitation