Microsoft Internet Explorer Memory Corruption Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH

8.8 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Likelihood

EPSS Prediction

85.00 %

Predictive Probability

Percentile Rank

99.3 th

Documented as more likely to be exploited than 99.3% of known CVEs.

Detection Date

Mar 30, 2023

Remediation Due

Apr 20, 2023

CISA Catalog Active

Threat Analysis

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Remediation Directive

The impacted product is end-of-life and should be disconnected if still in use.

Asset Context

Vendor Identity

Microsoft

Affected Product

Internet Explorer

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-94

External Intelligence

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2013-3163