cve-2013-3893 vulnerabilities and exploits

9.3
CVSSv2
CVE-2013-3893

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of...

MicrosoftInternet Explorer
9.3
CVSSv2
CVE-2012-1876

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element...

MicrosoftIe
9.3
CVSSv2
CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold...

MicrosoftWindows 7Windows 8Windows 8.1Windows RtWindows Rt 8.1Windows Server 2003Windows Server 2008Windows Server 2012Windows VistaWindows Xp
9.3
CVSSv2
CVE-2011-1260

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."...

MicrosoftIe
7.6
CVSSv2
CVE-2019-0539

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from...

MicrosoftChakracoreEdge
5
CVSSv2
CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR...

9.3
CVSSv2
CVE-2014-0322

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February...

MicrosoftInternet Explorer
9.3
CVSSv2
CVE-2015-2545

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."...

MicrosoftOffice
9.3
CVSSv2
CVE-2014-4114

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in...

MicrosoftWindows 7Windows 8Windows 8.1Windows RtWindows Rt 8.1Windows Server 2008Windows Server 2012Windows Vista
10
CVSSv2
CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on...