CVE-2013-3893

KEV
Published: Set 18, 2013 Last Modified: Ott 22, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 9,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,8121
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

416

Use After Free

Stable
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Confidentiality
Potential Impacts:
Modify Memory Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Exploit

Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)

Verified Metasploit Framework (MSF)

Micorosft Internet Explorer - SetMouseCapture Use-After-Free (Metasploit)

Author: Metasploit Published: Status: Verified
View Exploit Code →
Exploit

Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use …

Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free

Author: SlidingWindow Published:
View Exploit Code →
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 7
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 11
cpe:2.3:a:microsoft:internet_explorer:11:developer-preview:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 6
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 8
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 9
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 10
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Internet Explorer by Microsoft

Product Information
Vendor Microsoft
Product Internet Explorer
Version 11
cpe:2.3:a:microsoft:internet_explorer:11:release-preview:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013…
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-…
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workarou…
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-…
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulner…
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
http://jvn.jp/en/jp/JVN27443259/index.html
http://jvn.jp/en/jp/JVN27443259/index.html
http://packetstormsecurity.com/files/162585/Microsoft-Inter…
http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMo…
http://pastebin.com/raw.php?i=Hx1L5gu6
http://pastebin.com/raw.php?i=Hx1L5gu6
https://docs.microsoft.com/en-us/security-updates/securityb…
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-0…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://technet.microsoft.com/security/advisory/2887505
http://technet.microsoft.com/security/advisory/2887505
http://www.securityfocus.com/bid/62453
http://www.securityfocus.com/bid/62453
http://www.us-cert.gov/ncas/alerts/TA13-288A
http://www.us-cert.gov/ncas/alerts/TA13-288A
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-…
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workarou…
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-…
http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulner…
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html
http://jvn.jp/en/jp/JVN27443259/index.html
http://jvn.jp/en/jp/JVN27443259/index.html
http://packetstormsecurity.com/files/162585/Microsoft-Inter…
http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMo…
http://pastebin.com/raw.php?i=Hx1L5gu6
http://pastebin.com/raw.php?i=Hx1L5gu6
https://docs.microsoft.com/en-us/security-updates/securityb…
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-0…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://technet.microsoft.com/security/advisory/2887505
http://technet.microsoft.com/security/advisory/2887505
http://www.securityfocus.com/bid/62453
http://www.securityfocus.com/bid/62453
http://www.us-cert.gov/ncas/alerts/TA13-288A
http://www.us-cert.gov/ncas/alerts/TA13-288A