CVE-2013-3163

HIGH
2013-07-10 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:18 vuln.today
Patch Released
Oct 22, 2025 - 01:15 nvd
Patch available
PoC Detected
Oct 22, 2025 - 01:15 vuln.today
Public exploit code
Added to CISA KEV
Oct 22, 2025 - 01:15 cisa
CISA KEV
CVE Published
Jul 10, 2013 - 03:46 nvd
HIGH 8.8

Description

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.

Analysis

Internet Explorer 8 through 10 contain a memory corruption vulnerability allowing remote code execution via crafted websites, used in targeted attacks against defense and aerospace organizations in 2013.

Technical Context

The CWE-787 memory corruption occurs in IE's HTML rendering engine when processing specially crafted DOM objects. The corruption allows attackers to overwrite function pointers or vtable entries, redirecting execution to attacker-controlled code.

Affected Products

['Microsoft Internet Explorer 8', 'Microsoft Internet Explorer 9', 'Microsoft Internet Explorer 10']

Remediation

Upgrade to modern browsers. Apply Microsoft security update MS13-055. Enable Enhanced Protected Mode in IE for additional sandboxing on supported systems.

Priority Score

207
Low Medium High Critical
KEV: +50
EPSS: +82.9
CVSS: +44
POC: +20

Share

CVE-2013-3163 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy