What is the CVSS score of CVE-2013-3893?

CVE-2013-3893 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 81.2%.

Which versions of Microsoft are affected by CVE-2013-3893?

CVE-2013-3893 presents significant security risk rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

Is there a public PoC exploit available for CVE-2013-3893?

Yes, a public proof-of-concept exploit is available for CVE-2013-3893. Prioritise patching immediately. EPSS: 81.2%.

How to fix or mitigate CVE-2013-3893?

Within 24 hours: Identify all affected systems running the SetMouseCapture implementation in mshtml.dll in Microsof and apply vendor patches immediately. Monitor vendor channels for patch availability.

Microsoft CVE-2013-3893

HIGH

Resource Management Errors (CWE-399)

2013-09-18 secure@microsoft.com

RCE Microsoft

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

CVE Published

Sep 18, 2013 - 10:08 nvd

HIGH 8.8

DescriptionNVD

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

AnalysisAI

Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation that allows remote code execution through crafted JavaScript, exploited in targeted attacks via ms-help: URL protocol.

Technical ContextAI

The CWE-399 use-after-free occurs in the mouse capture subsystem of mshtml.dll. Attackers used crafted JavaScript strings to trigger the free and reuse cycle. The innovative exploitation technique used ms-help: protocol URLs to load hxds.dll, a non-ASLR module, providing predictable gadget addresses for ROP chains.

RemediationAI

Apply Microsoft security update MS13-080. Disable the ms-help: URL protocol handler. Deploy EMET or Windows Defender Exploit Guard with forced ASLR.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2013-3893 vulnerability details – vuln.today

Back

Microsoft CVE-2013-3893

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code