Microsoft : Security Vulnerabilities, CVEs, Published In March 2013 (Code Execution)
CVE-2013-2551
Known exploited
Public exploit
Used for ransomware
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Max CVSS
9.3
EPSS Score
97.21%
Published
2013-03-11
Updated
2018-10-12
CISA KEV Added
2022-03-28
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
Max CVSS
7.2
EPSS Score
0.13%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
Max CVSS
7.2
EPSS Score
0.13%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
Max CVSS
7.2
EPSS Score
0.13%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.57%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.57%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.57%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
66.26%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.57%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
93.57%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
92.40%
Published
2013-03-13
Updated
2023-12-07
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
Max CVSS
9.3
EPSS Score
89.76%
Published
2013-03-13
Updated
2018-10-12
CVE-2013-0074
Known exploited
Public exploit
Used for ransomware
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Max CVSS
9.3
EPSS Score
96.22%
Published
2013-03-13
Updated
2021-09-22
CISA KEV Added
2022-05-25
15 vulnerabilities found