CVE-2013-1347
KEV
🔴 Łataj teraz
Błąd w Microsoft Internet Explorer 8 umożliwia zdalne wykonanie kodu przez atakujących.
CVSS
8.8
EPSS
87.7%
Exploit
weaponized
Vendor
microsoft
Opis źródłowy (NVD)
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 87.7% |
| Opublikowano (NVD) | 2013-05-05 11:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 16:45:05 UTC |
Referencje
- http://technet.microsoft.com/security/advisory/2847140 (secure@microsoft.com) [Mitigation, Patch, Vendor Advisory]
- http://www.exploit-db.com/exploits/25294 (secure@microsoft.com) [Exploit, Third Party Advisory, VDB Entry]
- http://www.us-cert.gov/ncas/alerts/TA13-134A (secure@microsoft.com) [Third Party Advisory, US Government Resource]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 (secure@microsoft.com) [Patch, Vendor Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 (secure@microsoft.com) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]