CISA KEV 정보
| 취약점명 | Microsoft Internet Explorer Remote Code Execution Vulnerability |
|---|---|
| 설명 | This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-94 |
| 등록일 (KEV) | 2022-03-03 |
| 조치 기한 | 2022-03-24 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2013-1347 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C설명: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
CWE: CWE-416 | CWE-416
참조
- http://technet.microsoft.com/security/advisory/2847140 [Mitigation, Patch, Vendor Advisory]
- http://www.exploit-db.com/exploits/25294 [Exploit, Third Party Advisory, VDB Entry]
- http://www.us-cert.gov/ncas/alerts/TA13-134A [Third Party Advisory, US Government Resource]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 [Patch, Vendor Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 [Broken Link]
- http://technet.microsoft.com/security/advisory/2847140 [Mitigation, Patch, Vendor Advisory]
- http://www.exploit-db.com/exploits/25294 [Exploit, Third Party Advisory, VDB Entry]
- http://www.us-cert.gov/ncas/alerts/TA13-134A [Third Party Advisory, US Government Resource]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 [Patch, Vendor Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347
This product uses the NVD API but is not endorsed or certified by the NVD.