CVE-2013-5065

Known exploited
Public exploit
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
Max CVSS
7.2
EPSS Score
0.06%
Published
2013-11-28
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2013-5045

Public exploit
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
6.2
EPSS Score
0.08%
Published
2013-12-11
Updated
2018-10-12

CVE-2013-3918

Public exploit
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
Max CVSS
9.3
EPSS Score
96.26%
Published
2013-11-12
Updated
2019-05-14

CVE-2013-3906

Known exploited
Public exploit
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Max CVSS
9.3
EPSS Score
97.13%
Published
2013-11-06
Updated
2023-12-07
CISA KEV Added
2022-02-15

CVE-2013-3897

Known exploited
Public exploit
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
96.50%
Published
2013-10-09
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2013-3893

Public exploit
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Max CVSS
9.3
EPSS Score
96.25%
Published
2013-09-18
Updated
2021-05-17

CVE-2013-3881

Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
Max CVSS
7.2
EPSS Score
0.05%
Published
2013-10-09
Updated
2020-09-28

CVE-2013-3660

Known exploited
Public exploit
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
Max CVSS
6.9
EPSS Score
0.06%
Published
2013-05-24
Updated
2019-02-26
CISA KEV Added
2022-03-28

CVE-2013-3205

Public exploit
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.08%
Published
2013-09-11
Updated
2018-10-12

CVE-2013-3184

Public exploit
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.13%
Published
2013-08-14
Updated
2018-10-12

CVE-2013-3163

Known exploited
Public exploit
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
Max CVSS
9.3
EPSS Score
96.39%
Published
2013-07-10
Updated
2018-10-12
CISA KEV Added
2023-03-30

CVE-2013-2551

Known exploited
Public exploit
Used for ransomware
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Max CVSS
9.3
EPSS Score
97.11%
Published
2013-03-11
Updated
2018-10-12
CISA KEV Added
2022-03-28

CVE-2013-1347

Known exploited
Public exploit
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
Max CVSS
9.3
EPSS Score
97.30%
Published
2013-05-05
Updated
2023-12-07
CISA KEV Added
2022-03-03

CVE-2013-1300

Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-07-10
Updated
2023-12-07

CVE-2013-0810

Public exploit
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
95.62%
Published
2013-09-11
Updated
2023-12-07

CVE-2013-0074

Known exploited
Public exploit
Used for ransomware
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Max CVSS
9.3
EPSS Score
95.99%
Published
2013-03-13
Updated
2021-09-22
CISA KEV Added
2022-05-25

CVE-2013-0025

Public exploit
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
97.26%
Published
2013-02-13
Updated
2018-10-12

CVE-2013-0008

Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
Max CVSS
7.2
EPSS Score
0.07%
Published
2013-01-09
Updated
2023-12-07
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!