Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
Max CVSS
10.0
EPSS Score
0.59%
Published
2013-03-13
Updated
2013-03-16
The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Max CVSS
7.5
EPSS Score
3.09%
Published
2013-03-11
Updated
2013-03-16
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "ASLR Security Feature Bypass Vulnerability."
Max CVSS
7.5
EPSS Score
3.36%
Published
2013-03-11
Updated
2023-12-07
Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
Max CVSS
7.5
EPSS Score
0.20%
Published
2013-03-11
Updated
2018-10-30
Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
Max CVSS
7.2
EPSS Score
0.05%
Published
2013-03-11
Updated
2018-10-30
Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Max CVSS
7.5
EPSS Score
5.65%
Published
2013-03-11
Updated
2013-03-16

CVE-2013-2551

Known exploited
Public exploit
Used for ransomware
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Max CVSS
9.3
EPSS Score
97.11%
Published
2013-03-11
Updated
2018-10-12
CISA KEV Added
2022-03-28
Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.
Max CVSS
5.8
EPSS Score
2.14%
Published
2013-03-29
Updated
2013-04-02
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.56%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
Max CVSS
7.2
EPSS Score
0.12%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
Max CVSS
7.2
EPSS Score
0.12%
Published
2013-03-13
Updated
2023-12-07
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
Max CVSS
7.2
EPSS Score
0.12%
Published
2013-03-13
Updated
2023-12-07
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
Max CVSS
5.0
EPSS Score
7.68%
Published
2013-03-13
Updated
2018-10-12
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.03%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.03%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.03%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.56%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
63.40%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.03%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.03%
Published
2013-03-13
Updated
2023-12-07
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
Max CVSS
9.3
EPSS Score
91.56%
Published
2013-03-13
Updated
2023-12-07
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
Max CVSS
5.0
EPSS Score
3.30%
Published
2013-03-13
Updated
2018-10-12
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
Max CVSS
7.8
EPSS Score
33.24%
Published
2013-03-13
Updated
2018-10-12
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
Max CVSS
7.5
EPSS Score
82.21%
Published
2013-03-13
Updated
2018-10-12
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
Max CVSS
4.3
EPSS Score
95.71%
Published
2013-03-13
Updated
2018-10-12
28 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!