Vulnerabilities > CVE-2013-5056 - USE After Free vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS13-099 |
| bulletin_url | |
| date | 2013-12-10T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2909158 |
| knowledgebase_url | |
| severity | Critical |
| title | Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS13-099.NASL |
| description | The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability in the Microsoft Scripting Runtime Object Library. An attacker could craft a malicious website designed to exploit this vulnerability via components of Internet Explorer. An attacker could then trick a user into visiting a website or opening an email attachment containing the crafted exploit. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 71314 |
| published | 2013-12-11 |
| reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/71314 |
| title | MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158) |