Executive Summary

TitleVulnerability in Internet Explorer Could Allow Remote Code Execution
NameKB2887505First vendor Publication2013-09-17
VendorMicrosoftLast vendor Modification2013-10-08
Severity (Vendor) N/ARevision2.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


General Information

Executive Summary

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-080 to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893). For more information about this issue, including download links for an available security update, please review MS13-080.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/2887505.mspx

CWE : Common Weakness Enumeration

100 %CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18665
Oval ID: oval:org.mitre.oval:def:18665
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893) - MS13-080
Description: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3893
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:

CPE : Common Platform Enumeration


SAINT Exploits

Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free VulnerabilityMore info here

ExploitDB Exploits

2013-10-15MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
2013-10-02Micorosft Internet Explorer SetMouseCapture Use-After-Free

Information Assurance Vulnerability Management (IAVM)

2013-10-10IAVM : 2013-A-0188 - Cumulative Security Update for Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0040759

Snort® IPS/IDS

2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27944 - Revision : 11 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer onlosecapture memory corruption attempt
RuleID : 27943 - Revision : 10 - Type : BROWSER-IE

Metasploit Database

2013-09-17 MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free

Nessus® Vulnerability Scanner

2013-10-09Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2014-01-19 21:29:40
  • Multiple Updates
2014-01-03 17:19:07
  • Multiple Updates
2013-10-08 21:19:37
  • Multiple Updates
2013-09-19 00:22:23
  • Multiple Updates
2013-09-18 17:22:39
  • Multiple Updates
2013-09-18 17:10:50
  • First insertion