Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Published 2013-08-14 11:10:36
Updated 2018-10-12 22:04:47
View at NVD,
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-3184

Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2013-3184

  • MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
    Disclosure Date: 2013-06-27
    First seen: 2020-04-26
    This is a memory corruption bug found in Microsoft Internet Explorer. On IE 9, it seems to only affect certain releases of mshtml.dll, ranging from a newly installed IE9 (9.0.8112.16446), to 9.00.8112.16502 (July 2013 update). IE8 requires a different way to trigger

CVSS scores for CVE-2013-3184

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen

CWE ids for CVE-2013-3184

  • The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
    Assigned by: (Primary)

References for CVE-2013-3184

Products affected by CVE-2013-3184

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!