CVE-2013-3126
published 2013-06-12CVE-2013-3126: Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which…
PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
13.54%
96.0th percentile
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
blogs_talos·2013-06-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
Another month brings us another Update Tuesday. This month is pretty light with respect to the updates that Microsoft is releasing. They're releasing a total of 5 bulletins, covering 23 CVEs.
First and foremost are the critical updates for Internet Explorer (MS13-047). They are releasing updates for 19 CVEs, some of which could allow for remote code execution. These issues cover all supported IE versions, ranging from IE6 to IE10. Unlike last month, these issues do not seem to have been exploited in the wild and were all reported through Microsoft's "Coordinated Vulnerability Disclosure" program. While most issues are triggerable in default configurations of IE, one issue (CVE-2013-3126) requires the user to have enabled script debugging and can only exploited when this mode is active. Th
Talos
Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
blogs_talos·2013-06-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
## Microsoft Update Tuesday, June 2013: mostly about Internet Explorer
Another month brings us another Update Tuesday. This month is pretty light with respect to the updates that Microsoft is releasing. They're releasing a total of 5 bulletins, covering 23 CVEs.
First and foremost are the critical updates for Internet Explorer ( MS13-047 ). They are releasing updates for 19 CVEs, some of which could allow for remote code execution. These issues cover all supported IE versions, ranging from IE6 to IE10. Unlike last month, these issues do not seem to have been exploited in the wild and were all reported through Microsoft's "Coordinated Vulnerability Disclosure" program. While most issues are triggerable in default configurations of IE, one issue ( CVE-2013-3126 ) requires the user to have
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16687https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16687
2013-06-12
Published