Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability

Bugtraq ID:	58437
Class:	Unknown
CVE:	CVE-2013-1288
Remote:	Yes
Local:	No
Published:	Mar 12 2013 12:00AM
Updated:	Apr 02 2013 11:47AM
Credit:	Gen Chen of Venustech ADLab and Qihoo 360 Security Center
Vulnerable:	Microsoft Internet Explorer 8 + Microsoft Windows 7 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems 0 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems 0 + Microsoft Windows 7 Home Premium 0 + Microsoft Windows 7 Home Premium - Sp1 X64 + Microsoft Windows 7 Home Premium - Sp1 X32 + Microsoft Windows Server 2008 R2 + Microsoft Windows Server 2003 Sp2 X64 + Microsoft Windows Server 2003 SP2 + Microsoft Windows Server 2003 Sp1 X64 + Microsoft Windows Server 2003 SP1 + Microsoft Windows Server 2008 R2 SP1 + Microsoft Windows Server 2008 for x64-based Systems SP2 + Microsoft Windows Server 2008 R2 x64 SP1 + Microsoft Windows Server 2008 R2 x64 0 + Microsoft Windows Server 2008 Standard Edition X64 + Microsoft Windows Server 2008 Standard Edition SP2 + Microsoft Windows Server 2008 Standard Edition 0 + Microsoft Windows Server 2008 Standard Edition - Sp2 Web + Microsoft Windows Vista SP2 + Microsoft Windows Vista SP1 + Microsoft Windows Vista Home Premium SP2 + Microsoft Windows Vista Home Premium SP1 + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Basic SP2 + Microsoft Windows Vista Home Basic SP1 + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Enterprise SP2 + Microsoft Windows Vista Enterprise SP1 + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Business SP2 + Microsoft Windows Vista Business SP1 + Microsoft Windows Vista 0 + Microsoft Windows Vista Business 64-bit edition SP2 + Microsoft Windows Vista Business 64-bit edition SP1 + Microsoft Windows Vista Business 64-bit edition 0 + Microsoft Windows Vista Enterprise 64-bit edition SP2 + Microsoft Windows Vista Enterprise 64-bit edition SP1 + Microsoft Windows Vista Enterprise 64-bit edition 0 + Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64 + Microsoft Windows Vista Home Basic 64-bit edition SP2 + Microsoft Windows Vista Home Basic 64-bit edition SP1 + Microsoft Windows Vista Home Basic 64-bit edition 0 + Microsoft Windows Vista Home Premium 64-bit edition SP2 + Microsoft Windows Vista Home Premium 64-bit edition SP1 + Microsoft Windows Vista Home Premium 64-bit edition 0 + Microsoft Windows XP 0 + Microsoft Windows XP Embedded SP3 + Microsoft Windows XP Embedded SP2 + Microsoft Windows XP Embedded SP1 + Microsoft Windows XP Embedded + Microsoft Windows XP Home SP3 + Microsoft Windows XP Home SP2 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home + Microsoft Windows XP Media Center Edition SP3 + Microsoft Windows XP Media Center Edition SP2 + Microsoft Windows XP Media Center Edition SP1 + Microsoft Windows XP Professional SP3 + Microsoft Windows XP Professional SP2 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional + Microsoft Windows XP Professional x64 Edition SP2 + Microsoft Windows XP Professional x64 Edition
Not Vulnerable:

Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability

Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Microsoft Internet Explorer 8 is affected.

Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability

The issue is being exploited in-the-wild. A commercial exploit is available through VUPEN Security - Exploit and PoCs Service.

Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability

References:

• Microsoft Internet Explorer Homepage (Microsoft)