Vulnerabilities > CVE-2013-1309 - USE After Free vulnerability in Microsoft Internet Explorer
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037). CVE-2013-1309. Dos exploit for Windows platform |
file | exploits/windows/dos/40893.html |
id | EDB-ID:40893 |
last seen | 2016-12-09 |
modified | 2016-12-09 |
platform | windows |
port | |
published | 2016-12-09 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/40893/ |
title | Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) |
type | dos |
Msbulletin
bulletin_id | MS13-037 |
bulletin_url | |
date | 2013-05-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2829530 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS13-037.NASL |
description | The remote host is missing Internet Explorer (IE) Security Update 2829530. The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66412 |
published | 2013-05-15 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/66412 |
title | MS13-037: Cumulative Security Update for Internet Explorer (2829530) |
code |
|
Oval
accepted 2014-08-18T04:01:37.114-04:00 class vulnerability contributors name SecPod Team organization SecPod Technologies name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Internet Explorer 6 is installed oval oval:org.mitre.oval:def:563 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Internet Explorer 7 is installed oval oval:org.mitre.oval:def:627 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Internet Explorer 8 is installed oval oval:org.mitre.oval:def:6210 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft Internet Explorer 9 is installed oval oval:org.mitre.oval:def:11985 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Internet Explorer 10 is installed oval oval:org.mitre.oval:def:15751 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows 8 (x86) is installed oval oval:org.mitre.oval:def:14914 comment Microsoft Windows 8 (x64) is installed oval oval:org.mitre.oval:def:15571 comment Microsoft Windows Server 2012 is installed oval oval:org.mitre.oval:def:16359
description Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551. family windows id oval:org.mitre.oval:def:16396 status accepted submitted 2013-05-17T10:11:57 title Internet Explorer Use After Free Vulnerability - (CVE-2013-1309) MS13-037 version 74 accepted 2014-08-18T04:01:46.651-04:00 class vulnerability contributors name SecPod Team organization SecPod Technologies name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Internet Explorer 8 is installed oval oval:org.mitre.oval:def:6210 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954
description Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." family windows id oval:org.mitre.oval:def:16738 status accepted submitted 2013-05-17T10:11:57 title Internet Explorer Use After Free Vulnerability - (CVE-2013-1311) MS13-037 version 78
Packetstorm
data source | https://packetstormsecurity.com/files/download/140094/msie9cdispnode-uaf.txt |
id | PACKETSTORM:140094 |
last seen | 2016-12-12 |
published | 2016-12-09 |
reporter | SkyLined |
source | https://packetstormsecurity.com/files/140094/Microsoft-Internet-Explorer-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html |
title | Microsoft Internet Explorer MSHTML CDispNode::InsertSiblingNode Use-After-Free |
References
- http://blog.skylined.nl/20161207001.html
- http://packetstormsecurity.com/files/140094/Microsoft-Internet-Explorer-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html
- http://www.us-cert.gov/ncas/alerts/TA13-134A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16396
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16738
- https://www.exploit-db.com/exploits/40893/