Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-4015 | First vendor Publication | 2013-07-26 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4015 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26355 | |||
Oval ID: | oval:org.mitre.oval:def:26355 | ||
Title: | Microsoft Internet Explorer contains a flaw that may allow bypassing the elevation policy checks in the Enhanced Protected Mode and Protected Mode mechanisms - CVE-2013-4015 (MS13-055) | ||
Description: | Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-4015 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
ExploitDB Exploits
id | Description |
---|---|
2013-09-10 | MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free |
Snort® IPS/IDS
Date | Description |
---|---|
2017-07-27 | Microsoft Internet Explorer use after free attempt RuleID : 43338 - Revision : 2 - Type : BROWSER-IE |
2017-07-27 | Microsoft Internet Explorer use after free attempt RuleID : 43337 - Revision : 2 - Type : BROWSER-IE |
2017-03-01 | Microsoft Internet Explorer CElement object use after free attempt RuleID : 41451 - Revision : 3 - Type : BROWSER-IE |
2017-03-01 | Microsoft Internet Explorer CElement object use after free attempt RuleID : 41450 - Revision : 3 - Type : BROWSER-IE |
2016-09-01 | Microsoft Internet Explorer use after free attempt RuleID : 39764 - Revision : 2 - Type : BROWSER-IE |
2016-09-01 | Microsoft Internet Explorer use after free attempt RuleID : 39763 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer beforeeditfocus use after free exploit attempt RuleID : 28855 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer beforeeditfocus use after free exploit attempt RuleID : 28854 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CPhraseElement use after free attempt RuleID : 27909 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CPhraseElement use after free attempt RuleID : 27908 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27172 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27171 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer table column-count integer overflow attempt RuleID : 27157 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer table column-count integer overflow attempt RuleID : 27156 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer pElement member use after free attempt RuleID : 27154 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27153 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27152 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27151 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use after free attempt RuleID : 27150 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer beforeeditfocus use after free exploit attempt RuleID : 27149 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer beforeeditfocus use after free exploit attempt RuleID : 27148 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 IE5 compatibility mode use after free attempt RuleID : 27147 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CTreeNode use after free memory corruption attempt RuleID : 27138 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CTreeNode use after free memory corruption attempt RuleID : 27137 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 10 CTreePos use after free attempt RuleID : 27135 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer display node use after free attempt RuleID : 27134 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer display node use after free attempt RuleID : 27133 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer PreviousTreePos use after free attempt RuleID : 27132 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 CTreePos use after free attempt RuleID : 27131 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 use after free attempt RuleID : 27130 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 use after free attempt RuleID : 27129 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 10 CTreePos use-after-free attempt RuleID : 27128 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 10 CTreePos use-after-free attempt RuleID : 27127 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer setCapture use after free attempt RuleID : 27126 - Revision : 3 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-10 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-055.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13... |
XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/85762 |
Alert History
Date | Informations |
---|---|
2021-05-04 12:27:05 |
|
2021-04-22 01:32:46 |
|
2020-05-23 00:37:51 |
|
2018-10-13 05:18:42 |
|
2017-08-29 09:24:17 |
|
2014-02-17 11:21:38 |
|
2013-07-26 17:20:03 |
|