HighCISA KEVExploited in the wildPublic exploit

Internet Explorer CDisplayPointer use-after-free memory corruption

IdentifiersCVE-2013-3897CWE-416· Use After Free

CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class within mshtml.dll in Microsoft Internet Explorer 6 through 11. The flaw is triggered by crafted JavaScript that abuses the onpropertychange event handler, causing Internet Explorer to access freed memory and resulting in memory corruption. Microsoft referred to it as an Internet Explorer Memory Corruption Vulnerability, and reporting in the provided content indicates it was exploited in the wild in 2013 and later incorporated into exploit kits including Sedkit and Grandsoft/Private EK. ESET’s reporting specifically notes Sedkit used this vulnerability against Internet Explorer 8 as part of a targeted exploit chain.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can lead to arbitrary code execution in the security context of the current user. If code execution is not achieved, the vulnerability can still cause a denial of service via browser crash due to memory corruption. In practical exploitation, the flaw was used as a client-side initial access vector to deliver malware loaders and second-stage espionage payloads.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, reduce exposure by disabling or restricting Internet Explorer use, especially for untrusted web content; enforce least-privilege so users do not browse with administrative rights; use Enhanced Protected Mode and other available browser hardening controls where supported; restrict active scripting in high-risk zones or use EMET/Exploit Protection-style mitigations where available; and limit access to attacker-controlled or phishing-delivered URLs through web filtering and email security controls.

Remediation

Patch, then assume compromise.

Apply Microsoft’s security update MS13-080 addressing CVE-2013-3897 on affected Internet Explorer installations. Upgrade unsupported systems and browsers where possible, as the vulnerable range includes Internet Explorer 6 through 11. Ensure enterprise patch management covers legacy IE deployments that may still be present on older Windows systems.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft CorporationInternet Explorerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

contagiodump blogNews

May 12, 2015

contagio: An Overview of Exploit Packs (Update 25) May 2015

A specific vulnerability included in Grandsoft Private EK according to the table.

eset welivesecurity blogNews

Jan 25, 2026

Sednit espionage group now using custom exploit kit

An Internet Explorer 8 vulnerability used as an exploit module in Sednit’s custom exploit kit (Sedkit).

eset welivesecurity blogNews

Mar 13, 2026

An Internet Explorer 8 vulnerability exploited by Sedkit in targeted attacks.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence1

Every observed campaign linking this CVE to a named adversary.

Associated malware2

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2013-3897

NVD

nvd.nist.gov/vuln/detail/CVE-2013-3897

MITRE CWE · CWE-416

Use After Free

Patch

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080

Third Party Advisory

us-cert.gov/ncas/alerts/TA13-288A

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3897