Vulnerabilities > CVE-2013-5056 - USE After Free vulnerability in Microsoft products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-416
critical
nessus

Summary

Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS13-099
bulletin_url
date2013-12-10T00:00:00
impactRemote Code Execution
knowledgebase_id2909158
knowledgebase_url
severityCritical
titleVulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS13-099.NASL
descriptionThe remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability in the Microsoft Scripting Runtime Object Library. An attacker could craft a malicious website designed to exploit this vulnerability via components of Internet Explorer. An attacker could then trick a user into visiting a website or opening an email attachment containing the crafted exploit.
last seen2020-06-01
modified2020-06-02
plugin id71314
published2013-12-11
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/71314
titleMS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)