CVE-2013-3143
published 2013-07-10CVE-2013-3143: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site…
PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
32.75%
98.1th percentile
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qw9x-vgm9-f658: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2013-3161 [CRITICAL] CWE-94 GHSA-qw9x-vgm9-f658: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.
GHSA
GHSA-49hr-9mq4-ccxr: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (m
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2013-3846 [CRITICAL] GHSA-49hr-9mq4-ccxr: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (m
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.
GHSA
GHSA-p234-pw68-f22f: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2013-3143 [CRITICAL] CWE-94 GHSA-p234-pw68-f22f: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
exploitdb·2016-12-15
CVE-2013-3143 Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
---
document.addEventListener("load", function (){
document.documentElement.removeNode(true);
}, true);
document.addEventListener("DOMNodeRemoved", function (){
document.write("");
}, true);
Exploit-DB
Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit)
exploitdb·2013-09-10
CVE-2013-4015 Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit)
Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free",
'Description' => %q{
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
t
http://blog.skylined.nl/20161214001.htmlhttp://packetstormsecurity.com/files/140166/Microsoft-Internet-Explorer-9-IEFRAME-CMarkup..RemovePointerPos-Use-After-Free.htmlhttp://www.us-cert.gov/ncas/alerts/TA13-190Ahttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17259https://www.exploit-db.com/exploits/40923/http://blog.skylined.nl/20161214001.htmlhttp://packetstormsecurity.com/files/140166/Microsoft-Internet-Explorer-9-IEFRAME-CMarkup..RemovePointerPos-Use-After-Free.htmlhttp://www.us-cert.gov/ncas/alerts/TA13-190Ahttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17259https://www.exploit-db.com/exploits/40923/
2013-07-10
Published