Vulnerabilities > CVE-2013-1347 - Use After Free vulnerability in Microsoft Internet Explorer 8

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microsoft

CWE-416

nessus

exploit available

metasploit

NVD

Published: 2013-05-05

Updated: 2024-07-16

Summary

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 8	1
OS	Microsoft Microsoft Windows 7 - Microsoft Windows Server 2003 - Microsoft Windows Server 2008 - Microsoft Windows Server 2008 R2 Microsoft Windows Vista - Microsoft Windows XP -	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Exploit-Db

description	Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability. CVE-2013-1347. Remote exploit for windows platform
file	exploits/windows/remote/25294.rb
id	EDB-ID:25294
last seen	2016-02-03
modified	2013-05-07
platform	windows
port
published	2013-05-07
reporter	metasploit
source	https://www.exploit-db.com/download/25294/
title	Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
type	remote

Metasploit

description	This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.
id	MSF:EXPLOIT/WINDOWS/BROWSER/IE_CGENERICELEMENT_UAF
last seen	2020-06-10
modified	2017-07-24
published	2013-05-05
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347 http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx http://r-7.co/IE8-DOL
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/ie_cgenericelement_uaf.rb
title	MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability

Msbulletin

bulletin_id	MS13-038
bulletin_url
date	2013-05-14T00:00:00
impact	Remote Code Execution
knowledgebase_id	2847204
knowledgebase_url
severity	Critical
title	Security Update for Internet Explorer

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS13-038.NASL
description	The remote host is missing Internet Explorer (IE) Security Update 2847204. The installed version of IE is affected by a use-after-free vulnerability that could allow an attacker to execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	66413
published	2013-05-15
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66413
title	MS13-038: Security Update for Internet Explorer (2847204)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66413); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id("CVE-2013-1347"); script_bugtraq_id(59641); script_xref(name:"CERT", value:"237655"); script_xref(name:"EDB-ID", value:"25294"); script_xref(name:"MSFT", value:"MS13-038"); script_xref(name:"MSKB", value:"2847204"); script_name(english:"MS13-038: Security Update for Internet Explorer (2847204)"); script_summary(english:"Checks version of Mshtml.dll"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote host is missing Internet Explorer (IE) Security Update 2847204. The installed version of IE is affected by a use-after-free vulnerability that could allow an attacker to execute arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-038"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, and 8."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/03"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS13-038'; kb = '2847204'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( # Windows 7 / 2008 R2 # # - Internet Explorer 9 hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.20594", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.16484", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # - Internet Explorer 8 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22299", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18129", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Vista / 2008 # # - Internet Explorer 9 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20594", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16484", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # - Internet Explorer 8 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23487", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19421", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Windows 2003 / XP 64-bit # # - Internet Explorer 8 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23487", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Windows XP x86 # # - Internet Explorer 8 hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23487", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

NASL family	Windows
NASL id	SMB_KB2847140.NASL
description	The remote host is missing one of the workarounds referenced in KB 2847140. The remote version of IE reportedly has a use-after-free flaw related to how CGenericElement objects are handled that could result in arbitrary code execution on the remote system. This plugin has been deprecated due to the publication of MS13-038. Microsoft has released updates that make the workarounds unnecessary. To check for those, use Nessus plugin ID 66413.
last seen	2017-10-29
modified	2017-08-30
plugin id	66329
published	2013-05-09
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=66329
title	MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)
code	#%NASL_MIN_LEVEL 999999 #@DEPRECATED@ # # Disabled on 2013/05/15. Deprecated by smb_nt_ms13-038.nasl # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66329); script_version("1.12"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_cve_id("CVE-2013-1347"); script_bugtraq_id(59641); script_xref(name:"CERT", value:"237655"); script_xref(name:"MSKB", value:"2847140"); script_name(english:"MS KB2847140: Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution (deprecated)"); script_summary(english:"Checks if workarounds referenced in KB article have been applied."); script_set_attribute( attribute:"synopsis", value:"The remote host is affected by a remote code execution vulnerability." ); script_set_attribute( attribute:"description", value: "The remote host is missing one of the workarounds referenced in KB 2847140. The remote version of IE reportedly has a use-after-free flaw related to how CGenericElement objects are handled that could result in arbitrary code execution on the remote system. This plugin has been deprecated due to the publication of MS13-038. Microsoft has released updates that make the workarounds unnecessary. To check for those, use Nessus plugin ID 66413."); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/advisory/2847140"); script_set_attribute( attribute:"solution", value: "Apply the IE settings workarounds suggested by Microsoft in the advisory, or apply the MSHTML Shim workaround in the Microsoft 'Fix it' solution." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("microsoft_emet_installed.nasl", "smb_hotfixes.nasl"); script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion"); script_require_ports(139, 445); exit(0); } exit(0, 'This plugin has been deprecated. Use smb_nt_ms13-038.nasl (plugin ID 66413) instead.'); include('audit.inc'); include('global_settings.inc'); include("smb_hotfixes.inc"); include("misc_func.inc"); include("smb_func.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); # Only IE 8 is affected version = get_kb_item_or_exit("SMB/IE/Version"); v = split(version, sep:".", keep:FALSE); if (int(v[0]) != 8) exit(0, "IE version "+ version + " is not known to be affected."); registry_init(); hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); systemroot = hotfix_get_systemroot(); if(!systemroot) audit(AUDIT_FN_FAIL, 'hotfix_get_systemroot'); guid = '{d1bc5fb9-8846-4c1c-98d0-2d415d4c6df6}'; path = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\" + guid); RegCloseKey(handle:hklm); if (isnull(path)) path = systemroot + "\AppPatch\Custom\" + guid + '.sdb'; # Now make sure the file is in place if (hotfix_file_exists(path:path)) { hotfix_check_fversion_end(); exit(0, "The host is not affected since the Microsoft 'Fix it' has been applied."); } # hotfix_file_exists calls NetUseDel(close:FALSE), so we must reconnect registry_init(); emet_info = ''; emet_installed = FALSE; emet_with_ie = FALSE; if (!isnull(get_kb_item("SMB/Microsoft/EMET/Installed"))) emet_installed = TRUE; # Check if EMET is configured with IE. # The workaround does not specifically ask to enable DEP # but if IE is configured with EMET, dep is enabled by default. emet_list = get_kb_list("SMB/Microsoft/EMET/*"); if (!isnull(emet_list)) { foreach entry (keys(emet_list)) { if ("iexplore.exe" >< entry && "/dep" >< entry) { dep = get_kb_item(entry); if (!isnull(dep) && dep == 1) emet_with_ie = TRUE; } } } if (!emet_installed) { emet_info = '\n Microsoft Enhanced Mitigation Experience Toolkit (EMET) is not' + '\n installed.'; } else if (emet_installed) { if (!emet_with_ie) { emet_info = '\n Microsoft Enhanced Mitigation Experience Toolkit (EMET) is' + '\n installed, however Internet Explorer is not configured with EMET.'; } } info_user_settings = ''; # check mitigation per user hku = registry_hive_connect(hive:HKEY_USERS, exit_on_fail:TRUE); subkeys = get_registry_subkeys(handle:hku, key:''); foreach key (subkeys) { if ('.DEFAULT' >< key \|\| 'Classes' >< key \|\| key =~ "^S-1-5-\d{2}$") # skip built-in accounts continue; mitigation = FALSE; # "Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones" key_part_intranet = '\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel'; key_part_internet = '\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel'; value = get_registry_value(handle:hku, item:key + key_part_intranet); value1 = get_registry_value(handle:hku, item:key + key_part_internet); if (isnull(value) && isnull(value1)) continue; # 0x00012000 = 73728 = High Security if (!isnull(value) && !isnull(value1) && value == 73728 && value1 == 73728) mitigation = TRUE; # "Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone" key_part_intranet = '\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\1400'; key_part_internet = '\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400'; value = get_registry_value(handle:hku, item:key + key_part_intranet); value1 = get_registry_value(handle:hku, item:key + key_part_internet); # 1 = prompt, 3 = disable if (!isnull(value) && !isnull(value1) && (value == 1 \|\| value == 3) && (value1 == 1 \|\| value1 == 3)) mitigation = TRUE; if (!mitigation) info_user_settings += '\n ' + key + ' (Active Scripting Enabled)'; } RegCloseKey(handle:hku); hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); # check if user settings have been overriden by what is in HKLM # note: Security_HKLM_only can be set by group policy value = get_registry_value(handle:hklm, item:'SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only'); if (info_user_settings != '' && !isnull(value) && value == 1) { mitigation = FALSE; # "Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones" key_part_intranet = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel'; key_part_internet = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel'; value = get_registry_value(handle:hklm, item:key_part_intranet); value1 = get_registry_value(handle:hklm, item:key_part_internet); # 0x00012000 = 73728 = High Security if (!isnull(value) && !isnull(value1) && value == 73728 && value1 == 73728) mitigation = TRUE; # "Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone" key_part_intranet = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\1400'; key_part_internet = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400'; value = get_registry_value(handle:hklm, item:key_part_intranet); value1 = get_registry_value(handle:hklm, item:key_part_internet); # 1 = prompt, 3 = disable if (!isnull(value) && !isnull(value1) && (value == 1 \|\| value == 3) && (value1 == 1 \|\| value1 == 3)) mitigation = TRUE; if (mitigation) info_user_settings = ''; } RegCloseKey(handle:hklm); close_registry(); if (info_user_settings != '') { port = get_kb_item('SMB/transport'); if (!port) port = 445; if (report_verbosity > 0) { if (emet_info != '') report = '\n The remote host is missing the MSHTML Shim workaround and the' + '\n following users have vulnerable IE settings :' + info_user_settings + '\n' + emet_info + '\n'; else report = '\n The remote host is missing the MSHTML Shim workaround and the' + '\n following users have vulnerable IE settings :' + info_user_settings + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else exit(0, "The host is not affected since a workaround has been applied.");

Oval

accepted

2014-08-18T04:01:46.328-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Internet Explorer 8 is installed
oval oval:org.mitre.oval:def:6210
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Internet Explorer 9 is installed
oval oval:org.mitre.oval:def:11985
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438

description

family

windows

oval:org.mitre.oval:def:16727

status

accepted

submitted

2013-05-17T09:52:06

title

Internet Explorer Use After Free Vulnerability - MS13-038

version

Packetstorm

data source	https://packetstormsecurity.com/files/download/121542/ie_cgenericelement_uaf.rb.txt
id	PACKETSTORM:121542
last seen	2016-12-05
published	2013-05-07
reporter	sinn3r
source	https://packetstormsecurity.com/files/121542/Microsoft-Internet-Explorer-CGenericElement-Object-Use-After-Free.html
title	Microsoft Internet Explorer CGenericElement Object Use-After-Free

Saint

bid	59641
description	Internet Explorer CGenericElement Object Use-after-free Vulnerability
id	win_patch_ie_v8
osvdb	92993
title	ie_cgenericelement_memory_corruption
type	client

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:60790
last seen	2017-11-19
modified	2013-05-17
published	2013-05-17
reporter	Root
title	Microsoft Internet Explorer 释放后重用远程代码执行漏洞(CVE-2013-1347)(MS13-038)

bulletinFamily	exploit
description	No description provided by source.
id	SSV:60781
last seen	2017-11-19
modified	2013-05-07
published	2013-05-07
reporter	Root
title	Microsoft IE 8远程代码执行漏洞(CVE-2013-1347)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Msbulletin

Nessus

Oval

Packetstorm

Saint

Seebug

References