CVE-2013-1312 — Use After Free in Microsoft Internet Explorer

CWE-416 — Use After Free8 documents6 sources

Severity

9.3CRITICALNVD

EPSS

41.0%

top 2.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Apache Httpd

Timeline

PublishedMay 15

Latest updateMay 14

Description

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer10, 9+1

▶apacheapache/httpd

🔴Vulnerability Details

GHSA

GHSA-gcx2-xqvg-96fr: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that tri↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Open-Xchange Server 6 - Multiple Vulnerabilities↗2013-03-15

▶

Exploit-DB

Google Chrome - Silent HTTP Authentication↗2013-02-11

▶

📋Vendor Advisories

Apache

Apache httpd: CVE-2018-1312↗

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 05-14-2013↗

▶

💬Community

Bugzilla

CVE-2013-0836 v8: DoS due to improperly implemented garbage collection↗2013-01-16

▶

Bugzilla

CVE-2012-5153 v8: DoS due to crafted JavaScript code that causes out-of-bounds access to stack memory↗2013-01-16

▶