CVE-2013-3893

High CVSS 8.8

Overview

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

CWE: CWE-399 Published: 2013-09-18T10:08:24.867

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: rce, use_after_free (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags