CVE-2013-3893
Published 2013-09-18
Priority P1 · 88 · high · CVSS 3.1: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2025-09-02
Exploited in the wild
EPSS: 85.93% (99.7th percentile)
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs
- CVE-2013-3893 exploit triggers loading of hxds.dll via an ms-help: URL scheme; monitor for iexplore.exe loading hxds.dll as an anomalous child-load event.
- CVE-2013-3893 was exploited in Operation DeputyDog targeting Japanese government targets in August 2013; prioritise detection on IE 8 and IE 9 process memory anomalies.
- A public Metasploit module for CVE-2013-3893 was released; scan for Metasploit-generated exploit traffic patterns against IE targets.
- Group 72 / Axiom domains follow a pattern of encoding victim company names or acronyms in subdomains (e.g., companyname.attackerdomain.com); use this naming pattern for proactive domain hunting.
- DeputyDog (Fexel) samples associated with CVE-2013-3893 campaigns use campaign codes 'kumanichi' and 'moon'; hunt for these strings in memory or network beacons.
- C&C IP 66.153.86.14 was traceable via a shared email address linking DeputyDog and the Hidden Lynx VOHO campaign; use this IP as a pivot for infrastructure correlation.
CVSS provenance
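| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |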
CISA
Microsoft Internet Explorer Resource Management Errors Vulnerability
cisa·2025-08-12·CVSS 8.8
CVE-2013-3893 [HIGH] CWE-399 Microsoft Internet Explorer Resource Management Errors Vulnerability
Vulnerability: Microsoft Internet Explorer Resource Management Errors Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893
Remediation Due Date: 2025-09-02
GHSA
GHSA-7jff-7vvq-8fxx: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml
ghsa_unreviewed·2022-05-13
CVE-2013-3893 [HIGH] CWE-416 GHSA-7jff-7vvq-8fxx: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
VulnCheck
Microsoft Internet Explorer Resource Management Errors Vulnerability
vulncheck·2013·CVSS 8.8
CVE-2013-3893 [HIGH] CWE-399 Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Affected: Microsoft Internet Explorer
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://web.archive.org/web/20130924130243/https://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html; https://www.recordedfuture.com/hidden-lynx-analysis/; https:/
Suricata
ET MALWARE APT.Agtid callback
suricata·2013-09-24
CVE-2013-3893 ET MALWARE APT.Agtid callback
Rule:
```
alert http1 $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET MALWARE APT.Agtid callback"; flow:established,to_server; http.method; content:"POST"; http.header; content:"Agtid|3a 20|"; reference:url,www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html; classtype:targeted-activity; sid:2017511; rev:5; metadata:created_at 2013_09_24, signature_severity Major, updated_at 2024_04_07;)
```
YARA
APT_DeputyDog
yara
CVE-2013-3893 APT_DeputyDog
```yara
rule APT_DeputyDog
{
    meta:
        Author      = "FireEye Labs"
        Date        = "2013/09/21"
        Description = "detects string seen in samples used in 2013-3893 0day attacks"
        Reference   = "https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html"

    strings:
        $mz = {4d 5a}
        $a  = "DGGYDSYRL"

    condition:
        ($mz at 0) and $a
}
```
Exploit-DB
Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
exploitdb·2021-05-17·CVSS 8.8
CVE-2013-3893 [HIGH] Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
---
# Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
# Date: 15/05/2021
# CVE : CVE-2013-3893
# PoC: https://github.com/travelworld/cve_2013_3893_trigger.html/blob/gh-pages/params.json
# Exploit Author: SlidingWindow
# Vendor Advisory: https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2887505?redirectedfrom=MSDN
# Tested on: Microsoft Internet Explorer 8 (version: 8.0.7601.17514) on Windows 7 SP1 (Version 6.1 Build 7601 SP1)
# Bypasses: DEP, ASLR using MSVCR71.DLL
# Thanks to @corelanc0d3r for awesome Heap Exploitation Training and @offsectraining for OSCP training
var spraychunks = new Array();
// Use BSTR spray since DEPS spray didn't work here
function heapspr
Exploit-DB
Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)
exploitdb·2013-10-15·CVSS 8.8
CVE-2013-3897 [HIGH] Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
:ua_minver => "8.0",
:ua_maxver => "8.0",
:javascript => true,
:os_name => OperatingSystems::WINDOWS,
:rank => NormalRanking
})
def initialize(info={})
super(update_info(info,
'Name' => "MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free",
'Description' => %q{
This module exploits a vulnerability found in Microsoft Internet Explorer. It was originally
found being exploited in
Exploit-DB
Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)
exploitdb·2013-10-02
CVE-2013-3893 Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Micorosft Internet Explorer SetMouseCapture Use-After-Free",
'Description' => %q{
This module exploits a use-after-free vulnerability that currents targets Internet
Explorer 9 on Windows 7, but the flaw should exist in versions 6/7/8/9/10/11.
It was initially found in the wild in Japan, but other regions such as English,
Chinese, Korean, etc, were targeted as well.
The vulnerability is due to how the mshtml!CDoc::SetMou
Metasploit
MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free
metasploit
This module exploits a use-after-free vulnerability that currently targets Internet Explorer 9 on Windows 7, but the flaw should exist in versions 6/7/8/9/10/11. It was initially found in the wild in Japan, but other regions such as English, Chinese, Korean, etc, were targeted as well. The vulnerability is due to how the mshtml!CDoc::SetMouseCapture function handles a reference during an event. An attacker can first set up two elements, where the second is the child of the first, and then set up an onlosecapture event handler for the parent element. The onlosecapture event seems to require two setCapture() calls to trigger, one for the parent element, one for the child. When the setCapture() call for the child element is call
Metasploit
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
metasploit·CVSS 8.8
CVE-2013-3893 [HIGH] MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
This module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research companies and the vendor until the October patch release. This issue is a use-after-free vulnerability in CDisplayPointer via the use of a "onpropertychange" event handler. To set up the appropriate buggy conditions, we first craft the DOM tree in a specific order, where a CBlockElement comes after the CTextArea element. If we use a select() function for the CTextArea element, two important things will happen: a CDisplayPointer object w
Talos
Threat Spotlight: Group 72
blogs_talos·2014-10-14
This post is co-authored by Joel Esler, Martin Lee and Craig Williams.
Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acquaintance in a crowd by knowing what characteristics to look for. Exactly the same is true for threat actors.
Each threat actor group may have certain characteristics that they display during their attack campaigns. These may be the types of malware that they use, a pattern in the naming conventions of their command and control servers, their choice of victims etc. Collecting attack data allows an observer to spot the characteristics that define each group and identify specific threat actors from the crowd of malici
Krebs
Adobe, Microsoft Push Critical Security Fixes
blogs_krebs·2013-10-08·CVSS 8.8
[HIGH] Adobe, Microsoft Push Critical Security Fixes
Adobe and Microsoft today each issued software updates to fix critical security issues in their products. Microsoft released eight patch bundles to address 26 different vulnerabilities in Windows and other software – including not just one but two zero-day bugs in Internet Explorer. Adobe’s patches fix a single critical vulnerability present in both Adobe Acrobat and Reader.
Four of the eight patch bulletins from Microsoft earned its most dire “critical” rating, meaning the updates fix problems deemed so severe that miscreants or malware could use them to break into vulnerable systems without any help from users. The patches impact a broad range of Microsoft products, including Windows, IE, SharePoint, .NET Framework, Office and Silverlight.
Front and center in the Microsoft patch batch
Talos
Microsoft Update Tuesday October 2013: Another IE 0-day release
blogs_talos·2013-10-08·CVSS 9.3
CVE-2013-3893 [CRITICAL] Microsoft Update Tuesday October 2013: Another IE 0-day release
This month's Microsoft Tuesday Update brings us 8 bulletins for a total of 26 CVEs. Four of these bulletins are marked as critical, while the rest are marked as important.
First, let's take a look at the 4 critical bulletins:
The most important update this month is a cumulative update for IE (MS13-080), which fixes 10 CVE issues, 2 of which have already been exploited by attackers. The first 0-day that's being fixed was widely reported and exploited (CVE-2013-3893). The second one (CVE-2013-3897) was also exploited on the web, but in a more targeted manner. We have a blog post concerning this vulnerability here. Most of the issues fixed in this bulletin are the result of use-after-free vulnerabilities.
The second bulletin (MS13-081) covers Windows Kernel Mode Drivers. One particularly i
Krebs
Microsoft: IE Zero Day Flaw Affects All Versions
blogs_krebs·2013-09-17·CVSS 8.8
CVE-2013-3893 [HIGH] Microsoft: IE Zero Day Flaw Affects All Versions
Microsoft said today that attackers are exploiting a previously unknown, unpatched vulnerability in all supported versions of its Internet Explorer Web browser. The company said it is working on an official patch to plug the security hole, but in the meantime it has released a stopgap fix to help protect affected customers.
Microsoft said it is aware of targeted attacks that attempt to exploit the vulnerability (CVE-2013-3893) in IE 8 and IE 9 versions of the default Windows browser. According to an advisory issued today, the flaw is a remote code bug, which means malware or miscreants could use it to install malware just by coaxing IE users to browse a hacked or malicious Web site.
The Fix It solution is available from this link. To apply it, click the Fix It icon above the Fix This Proble
Recorded Future
Uncovering Hidden Lynx: Using OSINT for APT Analysis
blogs_recorded_future
# Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis
### Analysis Summary
- Visualization of open source intelligence on APTs reveals overlapping infrastructure, tools, and exploits used in the VOHO campaign and Operations Aurora, DeputyDog, and Ephemeral Hydra.
- Two vulnerabilities were identified as exploited by Hidden Lynx in its VOHO campaign (2012) and the Elderwood Gang responsible for Operation Aurora (2010). Command and control infrastructure was also shared between Hidden Lynx and threat actors responsible for two campaigns during 2013: Operation DeputyDog and Operation Ephemeral Hydra.
- Threat intelligence derived from disparate open web sources bolsters security efforts by identifying and contextualizing links between threat actors.
When the _New York Times_ and Mand
Zscaler
Zscaler protects against Vulnerability in Explorer | Zscaler
blogs_zscaler·CVSS 8.8
[HIGH] Zscaler protects against Vulnerability in Explorer | Zscaler
Threat Intel
Axiom (Axiom, Group 72)
threat_intel·CVSS 8.8
[HIGH] Axiom (Axiom, Group 72)
# Threat Actor Profile: Axiom
ATT&CK ID: G0001
Also known as: Axiom, Group 72
Suspected origin: China
## Overview
Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015)
## Techniques (TTPs)
### Resource Development
- T1584.005 Botnet
Usage: Axiom has used large groups of compromised machines for use as proxy nodes.(Citation: Novetta-Axiom)
- T1583.002 DNS Server
Usage: Axiom has acquired dynamic DNS ser
Recorded Future
August 2025 CVE Landscape
blogs_recorded_future·CVSS 8.8
[HIGH] August 2025 CVE Landscape
# August 2025 CVE Landscape
In August 2025, Recorded Future’s Insikt Group® identified eighteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the 22 identified in July.
However, the number of Very Critical vulnerabilities has remained the same (16) compared to July. These vulnerabilities have affected the following vendors: Trend Micro, WinRAR, N-able, Cisco, Apple, Citrix, FreePBX, Git, Microsoft, D-Link, and Fortinet.
August was dominated by Citrix and D-Link flaws, which represented six of the eighteen vulnerabilities. Threat actors actively exploited Citrix NetScaler ADC, NetScaler Gateway, and Citrix Session Recording products, as well as D-Link DNR-322L and DCS-2530L routers.
Recorded Future Insikt Group’s CVE Findings fro
arXiv
PTAuth: Temporal Memory Safety via Robust Points-to Authentication
arxiv_fulltext·2020-10-26
PTAuth: Temporal Memory Safety via Robust Points-to Authentication
Reza Mirzazade Farkhani, Mansour Ahmadi, Long Lu (Northeastern University)
## Abstract
Temporal memory corruptions are commonly exploited software vulnerabilities that
can lead to powerful attacks. Despite significant progress made by decades of
research on mitigation techniques, existing countermeasures fall short due to
either limited coverage or overly high overhead. Furthermore, they require
external mechanisms (e.g., spatial memory safety) to protect their metadata.
Otherwise, their protection can be bypassed or disabled.
To address these limitations, we present robust points-to
- http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
- http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx
- http://jvn.jp/en/jp/JVN27443259/index.html
- http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
- http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html
- http://pastebin.com/raw.php?i=Hx1L5gu6
- http://technet.microsoft.com/security/advisory/2887505
- http://www.securityfocus.com/bid/62453
- http://www.us-cert.gov/ncas/alerts/TA13-288A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18665
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3893
Published: 2013-09-18
Added to CISA KEV: 2025-08-12
Exploited in the wild