The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability.
Source: MITRE
Max CVSS
4.0
EPSS Score
0.04%
Published
2013-12-07
Updated
2024-05-17
Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue.
Source: MITRE
Max CVSS
7.1
EPSS Score
1.18%
Published
2013-11-18
Updated
2013-11-19
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
94.29%
Published
2013-12-11
Updated
2019-05-14
Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
89.45%
Published
2013-12-11
Updated
2018-10-12
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
89.45%
Published
2013-12-11
Updated
2018-10-12
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
81.60%
Published
2013-12-11
Updated
2018-10-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
81.60%
Published
2013-12-11
Updated
2018-10-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
81.60%
Published
2013-12-11
Updated
2018-10-12
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.
Source: MITRE
Max CVSS
4.3
EPSS Score
3.26%
Published
2013-12-30
Updated
2013-12-30
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."
Source: Flexera Software LLC
Max CVSS
9.3
EPSS Score
95.49%
Published
2013-11-13
Updated
2019-05-14

CVE-2013-3918

Public exploit
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
96.33%
Published
2013-11-12
Updated
2019-05-14
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3915.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
91.14%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
91.14%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
91.14%
Published
2013-11-13
Updated
2018-10-12
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
91.14%
Published
2013-11-13
Updated
2018-10-12
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.7
EPSS Score
0.06%
Published
2013-12-11
Updated
2019-05-08
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
7.9
EPSS Score
6.40%
Published
2013-11-13
Updated
2018-10-12

CVE-2013-3897

Known exploited
Public exploit
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
96.38%
Published
2013-10-09
Updated
2018-10-12
CISA KEV Added
2022-03-03
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-10-09
Updated
2018-10-12
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3882.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-10-09
Updated
2018-10-12
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-10-09
Updated
2018-10-12
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
90.41%
Published
2013-10-09
Updated
2018-10-12
127 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!