Vulnerability Name: | CVE-2013-5045 (CCN-89296) | ||||||||
Assigned: | 2013-12-10 | ||||||||
Published: | 2013-12-10 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-5045 Source: MISC Type: Exploit, VDB Entry http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html Source: CCN Type: SA55967 Microsoft Internet Explorer Multiple Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS13-097 Cumulative Security Update for Internet Explorer (2898785) Source: CCN Type: Microsoft Security Bulletin MS14-010 Cumulative Security Update for Internet Explorer (2909921) Source: CCN Type: Microsoft Security Bulletin MS14-012 Cumulative Security Update for Internet Explorer (2925418) Source: CCN Type: Microsoft Security Bulletin MS14-018 Cumulative Security Update for Internet Explorer (2950467) Source: CCN Type: Microsoft Security Bulletin MS14-035 Cumulative Security Update for Internet Explorer (2969262) Source: CCN Type: Microsoft Security Bulletin MS14-037 Cumulative Security Update for Internet Explorer (2975687) Source: CCN Type: Microsoft Security Bulletin MS14-051 Cumulative Security Update for Internet Explorer (2976627) Source: EXPLOIT-DB Type: UNKNOWN 33893 Source: OSVDB Type: UNKNOWN 100757 Source: CCN Type: BID-64115 Microsoft Internet Explorer Enhanced Protected Mode CVE-2013-5045 Security Bypass Vulnerability Source: MS Type: UNKNOWN MS13-097 Source: XF Type: UNKNOWN ms-ie-cve20135045-priv-esc(89296) Source: CCN Type: Packet Storm Security [06-27-2014] MS13-097 Registry Symlink IE Sandbox Escape Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-27-2014] | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |