CVE-2013-1347

CVE Database · CVE-2013-1347

CVE-2013-1347

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

77.89%

Published

May 5, 2013

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - CGenericElement Object Use-After-Free (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (8)

microsoft · internet_explorervulnerable

microsoft · windows_7

microsoft · windows_server_2003

microsoft · windows_server_2008

microsoft · windows_vista

microsoft · windows_xp

References (11)

http://technet.microsoft.com/security/advisory/2847140

MitigationPatchVendor Advisory

http://www.exploit-db.com/exploits/25294

ExploitThird Party AdvisoryVDB Entry

http://www.us-cert.gov/ncas/alerts/TA13-134A

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs