CVE-2013-3893
HIGH severity · CVSS 8.8 · Use-after-free · actively exploited (CISA KEV)
Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2025-08-12. US federal agencies must patch by 2025-09-02.
Summary
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 86%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx (Advisory)
- http://technet.microsoft.com/security/advisory/2887505 (Advisory)
- http://jvn.jp/en/jp/JVN27443259/index.html (Advisory)
- http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html (Advisory)
- http://www.securityfocus.com/bid/62453
- http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx (Exploit)
- http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html (Exploit)
- http://pastebin.com/raw.php?i=Hx1L5gu6 (Exploit)