Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability

Added: 09/25/2013
CVE: CVE-2013-3893
BID: 62453
OSVDB: 97380


Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.


Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in the HTML rendering engine (mshtml.dll). The vulnerability is triggered by the OnLoseCapture event. A remote attacker that persuades a user to open a specially crafted web page in a vulnerable version of IE could dereference already freed memory and execute arbitrary code via crafted JavaScript strings.


See Microsoft Security Advisory 2887505.



Exploit works on Microsoft Internet Explorer 8 and 9 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). JRE 6 must be installed on Windows 7.

The user must open the exploit in a vulnerable version of Internet Explorer. The chance of successful exploitation is very low against Internet Explorer 8 on Windows 7.



Back to exploit index