CVE-2013-3918

Published: 12/11/2013 Updated: 14/05/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote malicious users to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."

Vulnerable Product

microsoft windows rt 8.1 -

microsoft windows server 2008 r2

microsoft windows 7

microsoft windows 8 -

microsoft windows rt -

microsoft windows server 2008 sp2

microsoft windows server 2003 -

microsoft windows server 2012 -

microsoft windows xp -

microsoft windows server 2012 r2

microsoft windows 8.1 -

microsoft windows vista -

Exploits

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def initialize(info={}) super(update_info(info, 'Name' ...

Github Repositories

XKungFoo 2013 PPT

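XKungFoo-2013 XKungFoo 2013 "IE 0day Analysis And Exploit": by analyzing and summarizing several IE-related vulnerabilities, this talk shows how to analyze a vulnerability quickly, deeply and accurately when it occurs in application software as complex, large and closed-source as IE. It mainly uses two IE 0day vulnerabilities, CVE-2013-3893 and CVE-2013-3918, as examples, through the actual analysis approach and steps, to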

Recent Articles

Microsoft Updates November 2013 – Burning the 0day
Securelist • Kurt Baumgartner • 12 Nov 2013

Microsoft’s November 2013 Patch Tuesday delivers a set of three critical Bulletins and five Bulletins rated “important”. This month’s MS13-088 patches eight critical vulnerabilities and two important vulnerabilities in Internet Explorer. Overall, Microsoft is addressing 19 issues in Internet Explorer, Office and Windows itself. The star of the show is MS13-090 which addresses CVE-2013-3918, an ActiveX vulnerability being attacked through Internet Explorer, revealed on the 8th by the guys...

Feeling twitchy about nasty IE 0-day? Microsoft promises relief today
The Register • John Leyden • 12 Nov 2013

Patch Tuesday offers balm for latest cyber-blight

An unpatched flaw in Internet Explorer that became the topic of a high-profile warning over the weekend will be patched later on Tuesday, Microsoft promises. The CVE-2013-3918 vulnerability, affecting an Internet Explorer ActiveX Control, shipped up in active attacks detected by net security firm FireEye, sparking a high-profile warning. The flaw has already been abused in a variety of attacks by a group linked to the Operation DeputyDog assaults against targets in Japan and China. However by a ...