// For flags

CVE-2013-5045

MS13-097 Registry Symlink IE Sandbox Escape

Severity Score

6.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

Microsoft Internet Explorer 10 y 11 permite a usuarios locales evadir el mecanismo de modo protegido, y consecuentemente obtener privilegios mediante el aprovechamiento de la capacidad de ejecutar código en una sandbox, también conocido como "Vulnerabilidad de elevación de privilegios en Internet Explorer".

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-08-06 CVE Reserved
  • 2013-12-10 First Exploit
  • 2013-12-11 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 10
Search vendor "Microsoft" for product "Internet Explorer" and version "10"
-
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 11
Search vendor "Microsoft" for product "Internet Explorer" and version "11"
-
Affected