Vulnerability Details : CVE-2013-5045
Public exploit exists!
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
Products affected by CVE-2013-5045
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5045
16.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-5045
-
MS13-097 Registry Symlink IE Sandbox Escape
Disclosure Date: 2013-12-10First seen: 2020-04-26exploit/windows/local/ms13_097_ie_registry_symlinkThis module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component,
CVSS scores for CVE-2013-5045
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2
|
MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C |
1.9
|
10.0
|
NIST |
CWE ids for CVE-2013-5045
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5045
-
http://www.osvdb.org/100757
404 Not Found
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097
Microsoft Security Bulletin MS13-097 - Critical | Microsoft Docs
-
http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html
MS13-097 Registry Symlink IE Sandbox Escape ≈ Packet StormExploit;VDB Entry
-
http://www.exploit-db.com/exploits/33893
Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit) - Windows local Exploit
Jump to