Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2013-12-11
Updated: 2019-05-14
Summary
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS13-099 |
bulletin_url | |
date | 2013-12-10T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2909158 |
knowledgebase_url | |
severity | Critical |
title | Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS13-099.NASL |
description | The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability in the Microsoft Scripting Runtime Object Library. An attacker could craft a malicious website designed to exploit this vulnerability via components of Internet Explorer. An attacker could then trick a user into visiting a website or opening an email attachment containing the crafted exploit. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71314 |
published | 2013-12-11 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71314 |
title | MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158) |