Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2551

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2013-2551
Last Modified 30 Dec 2013 11:23:42
Published 11 Mar 2013 06:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2551

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 10

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

MISC - http://twitter.com/VUPEN/statuses/309479075385327617

MISC - http://twitter.com/thezdi/statuses/309452625173176320

MISC - http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

MS - MS13-037

CERT - TA13-134A

Related Patches

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista x64 (KB2829530)

MS13-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista x64 (KB2829530)


Last Updated: 27 May 2016 11:03:12