CVE-2013-1347

Published: 05/05/2013 Updated: 07/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote malicious users to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Vulnerable Product

microsoft internet_explorer 8

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
  ...

Github Repositories

threat language parser

threat language parser: tlp is a python library that parses a body of text for indicators of compromise (iocs), leveraging the amazing textblob and nltk natural language processing modules to derive context and color around those iocs. The goal of tlp is to allow security analysts and researchers to extract and store meaningful data from the endless stream of information they e

A Network Inspection Tool

flowinspect: A network traffic inspection tool. Description: It uses libnids (via its python bindings from Jon Oberheide: pynids) to defragment IP and reassemble TCP packets (UDP is inspected on a per-packet basis) to generate network flows. These flows are then inspected using one of the four inspection modes: regex (re2 - python bindings: pyre2), fuzzy string matching (fuz

Recent Articles

IT threat evolution Q3 2014
Securelist • David Emm Maria Garnaeva Victor Chebyshev Roman Unuchek Denis Makrushin Anton Ivanov • 18 Nov 2014

In July we published our in-depth analysis into a targeted attack campaign that we dubbed ‘Crouching Yeti’. This campaign is also known as ‘Energetic Bear’. This campaign, which has been active since late 2010, has so far targeted the following sectors: industrial/machinery, manufacturing, pharmaceutical, construction, education and information technology. So far there have been more than 2,800 victims worldwide, and we have been able to identify 101 different organisatio...

Microsoft plasters IE8 hole abused in nuke lab PC meltdown
The Register • John Leyden • 09 May 2013

Security stopgap follows shock US boffinry attack

Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website. The Fix It, released late on Wednesday, is designed to offer a temporary block against attacks based on the zero-day vulnerability ahead of a more comprehensive patch. Applying the Fix will not require a reboot, an important factor in corporate environments. M...

Redmond probes new IE 8 vulnerability
The Register • Richard Chirgwin • 05 May 2013

Zero day appeared on US Dept of Labor site

Microsoft has confirmed a bug in Internet Explorer 8, CVE-2013-1347, which exposes user machines to remote code execution. In an advisory, Microsoft says the vulnerability “exists in the way that Internet Explorer [accesses] an object in memory that has been deleted or has not been properly allocated.” That, in turn, opens the door to memory corruption and remote code execution in the current user context. According to this blog post by Eric Roman: “A use-after-free condition occurs when a...