Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-2551 | First vendor Publication | 2013-03-11 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2551 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16317 | |||
Oval ID: | oval:org.mitre.oval:def:16317 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-2551) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2551 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer VML Dashstyle Attributes Integer Overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2013-06-13 | MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow |
2013-06-07 | Microsoft Internet Explorer textNode Use-After-Free |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31585 - Revision : 3 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31584 - Revision : 3 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29803 - Revision : 3 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29802 - Revision : 3 - Type : BROWSER-IE |
2014-03-06 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 29602 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Nuclear exploit kit Microsoft Internet Explorer vulnerability request RuleID : 28424 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27062 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27061 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26754 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26753 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26642 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26641 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 26638 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26637 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26636 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26635 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26634 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer html reload loop attempt RuleID : 26633 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26631 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26630 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer setInterval focus use after free attempt RuleID : 26629 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26625 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26624 - Revision : 4 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-05-15 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-037.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:25:14 |
|
2021-04-22 01:30:09 |
|
2020-05-23 13:17:02 |
|
2020-05-23 00:37:07 |
|
2018-10-13 05:18:39 |
|
2017-09-19 09:26:00 |
|
2016-10-19 21:22:32 |
|
2015-04-30 21:26:04 |
|
2014-03-06 21:20:50 |
|
2014-02-17 11:19:47 |
|
2014-01-19 21:29:20 |
|
2013-12-31 13:19:29 |
|
2013-11-04 21:27:11 |
|
2013-10-08 00:19:53 |
|
2013-07-05 10:07:25 |
|
2013-06-04 17:27:04 |
|
2013-05-16 17:03:20 |
|
2013-05-10 22:30:27 |
|
2013-03-16 18:31:08 |
|