CVE-2013-3897

CVE Database · CVE-2013-3897

CVE-2013-3897

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

77.46%

Published

Oct 9, 2013

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (32)

microsoft · internet_explorervulnerable

microsoft · windows_server_2003

microsoft · windows_xp

microsoft · internet_explorervulnerable

microsoft · windows_server_2003

microsoft · windows_server_2008

microsoft · windows_vista