⚠ Actively exploited
Added to CISA KEV on 2023-03-30. Federal agencies required to patch by 2023-04-20. Required action: The impacted product is end-of-life and should be disconnected if still in use..
CVE-2013-3163 — Code Injection in Microsoft Internet Explorer
Severity
9.3CRITICALNVD
NVD8.8VulnCheck8.8CISA8.8
EPSS
84.6%
top 0.67%
CISA KEV
KEV
Added 2023-03-30
Due 2023-04-20
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 10
KEV addedMar 30
KEV dueApr 20
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Description
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-9pqv-9r37-hxh7: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf↗2022-05-14
GHSA▶
GHSA-c8qc-c83f-7w46: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf↗2022-05-14
GHSA▶
GHSA-mm9g-wfxq-fxg2: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf↗2022-05-14