HighCISA KEVExploited in the wildPublic exploit

Microsoft Internet Explorer 8 CGenericElement Use-After-Free

IdentifiersCVE-2013-1347CWE-416· Use After Free

CVE-2013-1347 is a use-after-free / improper object lifetime handling vulnerability in Microsoft Internet Explorer 8. The provided content identifies it as a CGenericElement object use-after-free flaw in which IE8 does not properly handle objects in memory, allowing an attacker to access an object that was either not properly allocated or had already been deleted. By triggering this memory corruption condition via malicious web content, a remote attacker can corrupt process memory and achieve arbitrary code execution. The vulnerability was exploited in the wild in May 2013, including watering-hole and exploit-kit-driven campaigns, and was associated with Microsoft bulletin MS13-038.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows remote arbitrary code execution in the context of the logged-in user running Internet Explorer 8. In observed campaigns, exploitation was used to deliver first-stage malware and RAT payloads including 9002 RAT, Poison Ivy, and other loaders/downloader components. Because exploitation occurs in the browser process, impact depends on user privileges; users with administrative rights face full system compromise, while lower-privileged users still risk malware installation, credential theft, persistence, and follow-on intrusion activity.

Mitigation

If you can’t patch tonight, do this now.

Until patching and migration are completed, reduce exposure by disabling or restricting use of Internet Explorer 8, especially on legacy Windows systems; limit browsing from high-value systems; enforce least privilege so browser compromise does not yield administrative execution; use web filtering to block known malicious or compromised redirector/hosting domains; and deploy network/browser exploit detections. The content references exploit-kit and watering-hole delivery, so blocking access to compromised sites and monitoring for exploit traffic are relevant mitigations.

Remediation

Patch, then assume compromise.

Apply Microsoft's security update for CVE-2013-1347 / MS13-038 and retire unsupported Internet Explorer versions, especially IE8 on legacy platforms. Upgrade to a supported browser and operating system where possible. The content specifically associates exploitation with IE8, particularly on Windows XP, Windows 2000, and Windows Server 2003, so migrating off those legacy combinations is a primary remediation step.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft CorporationInternet Explorerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

10 SOURCESView more in app

contagiodump blogNews

May 12, 2015

contagio: An Overview of Exploit Packs (Update 25) May 2015

A specific vulnerability used by multiple exploit kits according to the table.

talosintel blogNews

May 2, 2014

Continued analysis of the LightsOut Exploit Kit

A Microsoft Internet Explorer CGenericElement use-after-free vulnerability exploited by the LightsOut exploit kit against IE8 on Windows XP, with code closely matching a Metasploit module.

malwageddon blogspot frNews

Sep 29, 2013

Malware Analysis: The Final Frontier: LightsOut EK: "By the way... How much is the fish!?"

An Internet Explorer vulnerability used by the exploit kit against IE8 on Windows XP, 2000, or 2003 systems as part of the infection chain.

ciscoNews

Sep 18, 2013

Watering-Hole Attacks Target Energy Sector - Cisco Blogs

A memory handling vulnerability in Microsoft Internet Explorer 8 that was used in this watering-hole campaign to deliver malware.

+6 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware4

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2013-1347

NVD

nvd.nist.gov/vuln/detail/CVE-2013-1347

MITRE CWE · CWE-416

Use After Free

Patch

technet.microsoft.com/security/advisory/2847140

Patch

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038

Third Party Advisory

exploit-db.com/exploits/25294

Third Party Advisory

us-cert.gov/ncas/alerts/TA13-134A

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1347