⚠ Actively exploited

Added to CISA KEV on 2025-08-12. Federal agencies required to patch by 2025-09-02. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2013-3893 — Use After Free in Microsoft Internet Explorer

CWE-399 CWE-416 — Use After Free26 documents14 sources

Severity

8.8HIGHNVD

EPSS

81.2%

top 0.83%

CISA KEV

KEV

Added 2025-08-12

Due 2025-09-02

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedSep 18

KEV addedAug 12

KEV dueSep 2

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6 versions+5

🔴Vulnerability Details

GHSA

GHSA-7jff-7vvq-8fxx: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml↗2022-05-13

▶

VulnCheck

Microsoft Internet Explorer Resource Management Errors Vulnerability↗2013

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free↗2021-05-17

▶

Exploit-DB

Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)↗2013-10-15

▶

Exploit-DB

Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)↗2013-10-02

▶

Metasploit

MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free↗

▶

Metasploit

MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free↗

▶

🔍Detection Rules

Suricata

ET MALWARE APT.Agtid callback↗2013-09-24

▶

YARA

APT_DeputyDog↗

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Resource Management Errors Vulnerability↗2025-08-12

▶

🕵️Threat Intelligence

Talos

Threat Spotlight: Group 72↗2014-10-14

▶

Talos

Threat Spotlight: Group 72↗2014-10-14

▶

Krebs

Adobe, Microsoft Push Critical Security Fixes↗2013-10-08

▶

Talos

Microsoft Update Tuesday October 2013: Another IE 0-day release↗2013-10-08

▶

Talos

Microsoft Update Tuesday October 2013: Another IE 0-day release↗2013-10-08

▶

📄Research Papers

arXiv

PTAuth: Temporal Memory Safety via Robust Points-to Authentication↗2020-10-26

▶