Internet Explorer Use After Free Vulnerability (CVE-2013-2551)

Publish date: July 21, 2015

Severity: CRITICAL

CVE Identifier: 2013-2551

Advisory Date: JUL 21, 2015

DESCRIPTION

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. nvd: CWE 416 User-after-free http://cwe.mitre.org/data/definitions/416.html

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

Trend Micro Deep Security DPI Rule Number: 1005510

Trend Micro Deep Security DPI Rule Name: 1005510 - Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-2551)

AFFECTED SOFTWARE AND VERSION

microsoft internet_explorer 10
microsoft internet_explorer 6
microsoft internet_explorer 7
microsoft internet_explorer 8
microsoft internet_explorer 9

Featured Stories

$One Flaw too Many: Vulnerabilities in SCADA Systems$
One Flaw too Many: Vulnerabilities in SCADA Systems
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Read more
$Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry$
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
We break down the digital attacks against the oil and gas industry and its supply chain.
Read more
$halloween exploits vulnerabilities bluekeep chrome zero days$
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the Wild
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.
Read more
$PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers$
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.
Read more