Executive Summary

Informations
NameCVE-2013-3893First vendor Publication2013-09-18
VendorCveLast vendor Modification2014-01-23

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18665
 
Oval ID: oval:org.mitre.oval:def:18665
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893) - MS13-080
Description: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3893
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7

SAINT Exploits

DescriptionLink
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free VulnerabilityMore info here

ExploitDB Exploits

idDescription
2013-12-03Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-10-15MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
2013-10-02Micorosft Internet Explorer SetMouseCapture Use-After-Free

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-10-10IAVM : 2013-A-0188 - Cumulative Security Update for Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0040759

Snort® IPS/IDS

DateDescription
2014-05-01Microsoft Internet Explorer HtmlLayout SmartObject use after free
RuleID : 30289 - Revision : 1 - Type : BROWSER-IE
2014-04-10Microsoft Internet Explorer CAnchorElement use after free attempt
RuleID : 30105 - Revision : 1 - Type : BROWSER-IE
2014-04-10Microsoft Internet Explorer CAnchorElement use after free attempt
RuleID : 30104 - Revision : 1 - Type : BROWSER-IE
2014-04-10Microsoft Internet Explorer CAnchorElement use after free attempt
RuleID : 30103 - Revision : 1 - Type : BROWSER-IE
2014-04-10Microsoft Internet Explorer CAnchorElement use after free attempt
RuleID : 30102 - Revision : 1 - Type : BROWSER-IE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28526 - Revision : 3 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28525 - Revision : 3 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28473 - Revision : 3 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28472 - Revision : 3 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28471 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28470 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28469 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28468 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28467 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28466 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28465 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28464 - Revision : 4 - Type : FILE-OFFICE
2014-01-10Microsoft Internet Explorer swapNode memory corruption attempt
RuleID : 28208 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer swapNode memory corruption attempt
RuleID : 28207 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer deleted object memory corruption attempt
RuleID : 28204 - Revision : 1 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer HtmlLayout SmartObject use after free attempt
RuleID : 28163 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CElement use after free attempt
RuleID : 28160 - Revision : 1 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CLayoutBlock use after free attempt
RuleID : 28159 - Revision : 1 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer CLayoutBlock use after free attempt
RuleID : 28158 - Revision : 1 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer STextBlockPosition use after free attempt
RuleID : 28151 - Revision : 2 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27944 - Revision : 5 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27943 - Revision : 4 - Type : BROWSER-IE

Metasploit Database

idDescription
2013-11-05 MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
2013-09-17 MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free
2013-10-08 MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free

Nessus® Vulnerability Scanner

DateDescription
2013-12-11Name : The remote Windows host has a remote code execution vulnerability.
File : smb_nt_ms13-096.nasl - Type : ACT_GATHER_INFO
2013-10-09Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-080.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CERThttp://www.us-cert.gov/ncas/alerts/TA13-288A
CONFIRMhttp://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workar...
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vuln...
http://technet.microsoft.com/security/advisory/2887505
JVNhttp://jvn.jp/en/jp/JVN27443259/index.html
JVNDBhttp://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
MISChttp://pastebin.com/raw.php?i=Hx1L5gu6
MShttp://technet.microsoft.com/security/bulletin/MS13-080

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
DateInformations
2014-02-17 11:21:30
  • Multiple Updates
2014-01-24 13:19:18
  • Multiple Updates
2014-01-19 21:29:33
  • Multiple Updates
2014-01-03 17:19:04
  • Multiple Updates
2013-12-20 13:19:33
  • Multiple Updates
2013-11-11 12:40:42
  • Multiple Updates
2013-11-04 21:28:18
  • Multiple Updates
2013-10-18 17:22:11
  • Multiple Updates
2013-10-11 13:26:59
  • Multiple Updates
2013-10-06 17:18:47
  • Multiple Updates
2013-09-27 21:20:17
  • Multiple Updates
2013-09-19 13:19:47
  • Multiple Updates
2013-09-19 00:19:46
  • Multiple Updates
2013-09-18 17:19:56
  • First insertion