Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability
Added: 09/25/2013CVE: CVE-2013-3893
BID: 62453
OSVDB: 97380
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.Problem
Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in the HTML rendering engine (mshtml.dll). The vulnerability is triggered by the OnLoseCapture event. A remote attacker that persuades a user to open a specially crafted web page in a vulnerable version of IE could dereference already freed memory and execute arbitrary code via crafted JavaScript strings.Resolution
See Microsoft Security Advisory 2887505.References
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspxhttp://secunia.com/advisories/54884/
Limitations
Exploit works on Microsoft Internet Explorer 8 and 9 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). JRE 6 must be installed on Windows 7.The user must open the exploit in a vulnerable version of Internet Explorer. The chance of successful exploitation is very low against Internet Explorer 8 on Windows 7.
Platforms
WindowsBack to exploit index