### [CVE-2013-3893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll. ### POC #### Reference - http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html - http://packetstormsecurity.com/files/162585/Microsoft-Internet-Explorer-8-SetMouseCapture-Use-After-Free.html #### Github - https://github.com/0xcyberpj/malware-reverse-exploitdev - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections - https://github.com/R0B1NL1N/APTnotes - https://github.com/SkyBulk/the-day-of-nightmares - https://github.com/cone4/AOT - https://github.com/dyjakan/exploit-development-case-studies - https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections - https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections - https://github.com/evilbuffer/malware-and-exploitdev-resources - https://github.com/exp-sky/XKungFoo-2013 - https://github.com/hutgrabber/exploitdev-resources - https://github.com/iwarsong/apt - https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections - https://github.com/kbandla/APTnotes - https://github.com/likescam/APT_CyberCriminal_Campagin_Collections - https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections - https://github.com/paulveillard/cybersecurity-windows-exploitation - https://github.com/retr0-13/malware-and-exploitdev-resources - https://github.com/ricew4ng/BrowserSecurity - https://github.com/ser4wang/BrowserSecurity - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections - https://github.com/travelworld/cve_2013_3893_trigger.html - https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References