New Search

Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897) - MS13-080

oval:org.mitre.oval:def:18989

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler as exploited in the wild in September and October 2013 aka "Internet Explorer Memory Corruption Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows 8
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008 R2
Class:
vulnerability
Reference(s):
  • CVE-2013-3897
Product(s):
  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 11
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 8