cve/2013/CVE-2013-3893.md

### [CVE-2013-3893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

### POC

#### Reference
- http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html

#### Github
- https://github.com/0xcyberpj/malware-reverse-exploitdev
- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
- https://github.com/R0B1NL1N/APTnotes
- https://github.com/SkyBulk/the-day-of-nightmares
- https://github.com/cone4/AOT
- https://github.com/dyjakan/exploit-development-case-studies
- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections
- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections
- https://github.com/evilbuffer/malware-and-exploitdev-resources
- https://github.com/exp-sky/XKungFoo-2013
- https://github.com/hutgrabber/exploitdev-resources
- https://github.com/iwarsong/apt
- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections
- https://github.com/kbandla/APTnotes
- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections
- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections
- https://github.com/paulveillard/cybersecurity-windows-exploitation
- https://github.com/retr0-13/malware-and-exploitdev-resources
- https://github.com/ricew4ng/BrowserSecurity
- https://github.com/ser4wang/BrowserSecurity
- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections
- https://github.com/travelworld/cve_2013_3893_trigger.html
- https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2013-3893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html`

			`#### Github`
			`- https://github.com/0xcyberpj/malware-reverse-exploitdev`
			`- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/R0B1NL1N/APTnotes`
			`- https://github.com/SkyBulk/the-day-of-nightmares`
			`- https://github.com/cone4/AOT`
			`- https://github.com/dyjakan/exploit-development-case-studies`
			`- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/evilbuffer/malware-and-exploitdev-resources`
			`- https://github.com/exp-sky/XKungFoo-2013`
			`- https://github.com/hutgrabber/exploitdev-resources`
			`- https://github.com/iwarsong/apt`
			`- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/kbandla/APTnotes`
			`- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/paulveillard/cybersecurity-windows-exploitation`
			`- https://github.com/retr0-13/malware-and-exploitdev-resources`
			`- https://github.com/ricew4ng/BrowserSecurity`
			`- https://github.com/ser4wang/BrowserSecurity`
			`- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/travelworld/cve_2013_3893_trigger.html`
			`- https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References`