Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2013-3893

Description

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

POC

Reference

- http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html

Github

- https://github.com/0xcyberpj/malware-reverse-exploitdev

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/CryptoGenNepal/CVE-KEV-RSS

- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections

- https://github.com/DevGreick/devgreick

- https://github.com/R0B1NL1N/APTnotes

- https://github.com/SkyBulk/the-day-of-nightmares

- https://github.com/cone4/AOT

- https://github.com/dyjakan/exploit-development-case-studies

- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections

- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections

- https://github.com/evilbuffer/malware-and-exploitdev-resources

- https://github.com/exp-sky/XKungFoo-2013

- https://github.com/hutgrabber/exploitdev-resources

- https://github.com/iwarsong/apt

- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections

- https://github.com/kbandla/APTnotes

- https://github.com/likekabin/APT_CyberCriminal_Campagin_Collections

- https://github.com/likekabin/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/paulveillard/cybersecurity-windows-exploitation

- https://github.com/retr0-13/malware-and-exploitdev-resources

- https://github.com/ricew4ng/BrowserSecurity

- https://github.com/ser4wang/BrowserSecurity

- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections

- https://github.com/travelworld/cve_2013_3893_trigger.html

- https://github.com/ums91/CISA_BOT

- https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References