Vulnerability Details : CVE-2013-3163
Public exploit exists!
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2013-3163
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
CVE-2013-3163 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Internet Explorer Memory Corruption Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Notes:
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163
Added on
2023-03-30
Action due date
2023-04-20
Exploit prediction scoring system (EPSS) score for CVE-2013-3163
95.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3163
-
MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
Disclosure Date: 2013-07-09First seen: 2020-04-26exploit/windows/browser/ms13_055_canchorIn IE8 standards mode, it's possible to cause a use-after-free condition by first creating an illogical table tree, where a CPhraseElement comes after CTableRow, with the final node being a sub table element. When the CPhraseElement's outer content is reset by using
CVSS scores for CVE-2013-3163
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-3163
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3163
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363
Repository / Oval Repository
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055
Microsoft Security Bulletin MS13-055 - Critical | Microsoft Docs
-
http://www.us-cert.gov/ncas/alerts/TA13-190A
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
Jump to