Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2829530) |
Informations | |||
---|---|---|---|
Name | MS13-037 | First vendor Publication | 2013-05-14 |
Vendor | Microsoft | Last vendor Modification | 2013-05-22 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (May 22, 2013): Corrected the Common Vulnerabilities and Exposures number for CVE-2013-3140. This is an informational change only. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-037 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-416 | Use After Free |
17 % | CWE-399 | Resource Management Errors |
8 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15830 | |||
Oval ID: | oval:org.mitre.oval:def:15830 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-3140) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3140 | Version: | 7 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15979 | |||
Oval ID: | oval:org.mitre.oval:def:15979 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-0811) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0811 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16317 | |||
Oval ID: | oval:org.mitre.oval:def:16317 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-2551) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2551 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16328 | |||
Oval ID: | oval:org.mitre.oval:def:16328 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1312) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1312 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16385 | |||
Oval ID: | oval:org.mitre.oval:def:16385 | ||
Title: | Microsoft OLE Automation Remote Code Execution Vulnerability - MS13-020 | ||
Description: | Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1313 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16396 | |||
Oval ID: | oval:org.mitre.oval:def:16396 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1309) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1309 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16398 | |||
Oval ID: | oval:org.mitre.oval:def:16398 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1306) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1306 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16415 | |||
Oval ID: | oval:org.mitre.oval:def:16415 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1308) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1308 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16518 | |||
Oval ID: | oval:org.mitre.oval:def:16518 | ||
Title: | JSON Array Information Disclosure Vulnerability - (CVE-2013-1297) MS13-037 | ||
Description: | Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1297 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16650 | |||
Oval ID: | oval:org.mitre.oval:def:16650 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1307) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1307 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16689 | |||
Oval ID: | oval:org.mitre.oval:def:16689 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1310) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1310 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16738 | |||
Oval ID: | oval:org.mitre.oval:def:16738 | ||
Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1311) MS13-037 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1311 | Version: | 9 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 | |
Os | 1 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer textNode Style Computation Use After Free Vulnerability | More info here |
Internet Explorer VML Dashstyle Attributes Integer Overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2013-06-13 | MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow |
2013-06-07 | Microsoft Internet Explorer textNode Use-After-Free |
Snort® IPS/IDS
Date | Description |
---|---|
2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49496 - Revision : 1 - Type : FILE-OFFICE |
2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49494 - Revision : 1 - Type : FILE-OFFICE |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31585 - Revision : 3 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31584 - Revision : 3 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29803 - Revision : 3 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29802 - Revision : 3 - Type : BROWSER-IE |
2014-03-06 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 29602 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Nuclear exploit kit Microsoft Internet Explorer vulnerability request RuleID : 28424 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27062 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27061 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26754 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26753 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26642 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26641 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 26638 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26637 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26636 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26635 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26634 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer html reload loop attempt RuleID : 26633 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26631 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26630 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer setInterval focus use after free attempt RuleID : 26629 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26625 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26624 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 24006 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code exec... RuleID : 23845 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 23844 - Revision : 14 - Type : FILE-OFFICE |
Metasploit Database
id | Description |
---|---|
2013-03-06 | MS13-037 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-05-15 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-037.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms13-020.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:14 |
|
2014-11-16 21:25:25 |
|
2014-03-15 21:20:36 |
|
2014-03-06 21:20:52 |
|
2014-02-17 11:47:39 |
|
2014-01-19 21:30:56 |
|
2013-12-16 21:25:31 |
|
2013-10-08 00:22:57 |
|
2013-07-20 13:22:26 |
|
2013-07-05 10:07:26 |
|
2013-05-23 00:15:37 |
|
2013-05-15 13:21:21 |
|
2013-05-14 21:15:51 |
|