{"api_version":"1","generated_at":"2026-04-26T00:11:40+00:00","cve":"CVE-2013-1347","urls":{"html":"https://cve.report/CVE-2013-1347","api":"https://cve.report/api/cve/CVE-2013-1347.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-1347","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-1347"},"summary":{"title":"CVE-2013-1347","description":"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.","state":"PUBLISHED","assigner":"microsoft","published_at":"2013-05-05 11:07:00","updated_at":"2026-04-22 16:45:05"},"problem_types":["CWE-416","n/a","CWE-416 CWE-416 Use After Free"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS13-038 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/ncas/alerts/TA13-134A","name":"http://www.us-cert.gov/ncas/alerts/TA13-134A","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Microsoft Updates for Multiple Vulnerabilities | US-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/25294","name":"http://www.exploit-db.com/exploits/25294","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://technet.microsoft.com/security/advisory/2847140","name":"http://technet.microsoft.com/security/advisory/2847140","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"],"title":"Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-1347","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1347","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-03-03T00:00:00.000Z","lang":"en","value":"CVE-2013-1347 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"1347","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_explorer","cpe6":"8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_vista","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"professional","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1347","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2013","cve_id":"1347","cve":"CVE-2013-1347","vendorProject":"Microsoft","product":"Internet Explorer","vulnerabilityName":"Microsoft Internet Explorer Remote Code Execution Vulnerability","dateAdded":"2022-03-03","shortDescription":"This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-03-24","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2013-1347","cwes":"CWE-94","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:34"},"epss":{"cve_year":"2013","cve_id":"1347","cve":"CVE-2013-1347","epss":"0.877080000","percentile":"0.994740000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:23"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T14:57:05.135Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"25294","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/25294"},{"name":"TA13-134A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/ncas/alerts/TA13-134A"},{"name":"oval:org.mitre.oval:def:16727","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://technet.microsoft.com/security/advisory/2847140"},{"name":"MS13-038","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2013-1347","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-04T18:22:25.522595Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-03-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:42.978Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347"}],"timeline":[{"lang":"en","time":"2022-03-03T00:00:00.000Z","value":"CVE-2013-1347 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-05-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"25294","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/25294"},{"name":"TA13-134A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/ncas/alerts/TA13-134A"},{"name":"oval:org.mitre.oval:def:16727","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727"},{"tags":["x_refsource_CONFIRM"],"url":"http://technet.microsoft.com/security/advisory/2847140"},{"name":"MS13-038","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2013-1347","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"25294","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/25294"},{"name":"TA13-134A","refsource":"CERT","url":"http://www.us-cert.gov/ncas/alerts/TA13-134A"},{"name":"oval:org.mitre.oval:def:16727","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727"},{"name":"http://technet.microsoft.com/security/advisory/2847140","refsource":"CONFIRM","url":"http://technet.microsoft.com/security/advisory/2847140"},{"name":"MS13-038","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2013-1347","datePublished":"2013-05-05T10:00:00.000Z","dateReserved":"2013-01-12T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:42.978Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-05-05 11:07:00","lastModifiedDate":"2026-04-22 16:45:05","problem_types":["CWE-416","n/a","CWE-416 CWE-416 Use After Free"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*","matchCriteriaId":"A52E757F-9B41-43B4-9D67-3FEDACA71283"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*","matchCriteriaId":"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*","matchCriteriaId":"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*","matchCriteriaId":"5F422A8C-2C4E-42C8-B420-E0728037E15C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*","matchCriteriaId":"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*","matchCriteriaId":"68592FA5-6CD3-41A3-A4DA-C1C472297FF2"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*","matchCriteriaId":"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"1347","Ordinal":"1","Title":"CVE-2013-1347","CVE":"CVE-2013-1347","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"1347","Ordinal":"1","NoteData":"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.","Type":"Description","Title":"CVE-2013-1347"},{"CveYear":"2013","CveId":"1347","Ordinal":"2","NoteData":"2013-05-05","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"1347","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}