Vulnerability CVE-2013-3120

Vulnerability Name:

CVE-2013-3120 (CCN-84605)

Assigned:

2013-06-11

Published:

2013-06-11

Updated:

2018-10-12

Summary:

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MISC
Type: UNKNOWN
http://blog.skylined.nl/20161125001.html

Source: MITRE
Type: CNA
CVE-2013-3120

Source: CCN
Type: Microsoft Security Bulletin MS13-047
Cumulative Security Update for Internet Explorer (2838727)

Source: CCN
Type: Microsoft Security Bulletin MS13-055
Cumulative Security Update for Internet Explorer (2846071)

Source: CCN
Type: Microsoft Security Bulletin MS13-059
Cumulative Security Update for Internet Explorer (2862772)

Source: CCN
Type: Microsoft Security Bulletin MS13-069
Cumulative Security Update for Internet Explorer (2870699)

Source: CCN
Type: Microsoft Security Bulletin MS13-080
Cumulative Security Update for Internet Explorer (2879017)

Source: CCN
Type: BID-60389
Microsoft Internet Explorer CVE-2013-3120 Memory Corruption Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA13-168A

Source: MS
Type: UNKNOWN
MS13-047

Source: XF
Type: UNKNOWN
msie-cve20133120-code-execution(84605)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16778

Source: CCN
Type: Packet Storm Security [11-25-2016]
Microsoft Internet Explorer 10 MSHTML CEditAdorner Detach Use-After-Free

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-28-2016]

Source: EXPLOIT-DB
Type: UNKNOWN
40844

Source: CCN
Type: ZDI-13-137
Microsoft Internet Explorer CSelectedControlAdorner Use-After-Free Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:ie:10:consumer_preview:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:16778	V	Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120) - MS13-047	2014-08-18

BACK