What is the CVSS score of CVE-2013-3163?

CVE-2013-3163 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 82.9%.

Which versions of Microsoft are affected by CVE-2013-3163?

Organizations using Microsoft Internet Explorer 8 through 10 face significant risk from CVE-2013-3163, a out-of-bounds write vulnerability rated CVSS 8.8.. A patch is available.

Is there a public PoC exploit available for CVE-2013-3163?

Yes, a public proof-of-concept exploit is available for CVE-2013-3163. Prioritise patching immediately. EPSS: 82.9%.

How to fix or mitigate CVE-2013-3163?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Microsoft CVE-2013-3163

HIGH

Out-of-bounds Write (CWE-787)

2013-07-10 secure@microsoft.com

Buffer Overflow Memory Corruption Denial Of Service RCE Microsoft

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

Patch released

Oct 22, 2025 - 01:15 nvd

Patch available

CVE Published

Jul 10, 2013 - 03:46 nvd

HIGH 8.8

DescriptionCVE.org

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.

AnalysisAI

Internet Explorer 8 through 10 contain a memory corruption vulnerability allowing remote code execution via crafted websites, used in targeted attacks against defense and aerospace organizations in 2013.

Technical ContextAI

The CWE-787 memory corruption occurs in IE's HTML rendering engine when processing specially crafted DOM objects. The corruption allows attackers to overwrite function pointers or vtable entries, redirecting execution to attacker-controlled code.

RemediationAI

Upgrade to modern browsers. Apply Microsoft security update MS13-055. Enable Enhanced Protected Mode in IE for additional sandboxing on supported systems.

CVE-2013-3163 vulnerability details – vuln.today

Back

Microsoft CVE-2013-3163

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code