Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5045 — Improper Input Validation in Microsoft Internet Explorer

CWE-20 — Improper Input Validation6 documents5 sources

Severity

6.2MEDIUMNVD

EPSS

24.2%

top 3.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 11

Latest updateMay 14

Description

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11+1

🔴Vulnerability Details

GHSA

GHSA-xv56-4f6g-pxh9: Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by lever↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)↗2014-06-27

▶

Metasploit

MS13-097 Registry Symlink IE Sandbox Escape↗

▶

🕵️Threat Intelligence

Talos

Microsoft Update Tuesday: December 2013, some 0-day fixes↗2013-12-10

▶

Talos

Microsoft Update Tuesday: December 2013, some 0-day fixes↗2013-12-10

▶