Internet Explorer vulnerable to arbitrary code execution


Internet Explorer contains a vulnerability that may allow arbitrary code execution.

According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited.
CVSS Severity (What is CVSS?)

Base Metrics: 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Microsoft Corporation
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11


If a user views a specially crafted web page, an arbitrary code may be executed.

[Apply an update]
Apply Cumulative Security Update for Internet Explorer (2879017) according to the information provided by Microsoft.

[Apply a workaround]
The following workarounds may mitigate the affects of this vulnerability.

* Apply Fix it 51001
* Apply Enhanced Mitigation Experience Toolkit (EMET)
* Restrict the execution of ActiveX control and Active Script

For more information, please see "Suggested Actions" of Microsoft Security Advisory (2887505).
Vendor Information

Microsoft Corporation
CWE (What is CWE?)

  1. Resource Management Errors(CWE-399) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2013-3893

  1. JVN : JVN#27443259
  2. National Vulnerability Database (NVD) : CVE-2013-3893
  3. IPA SECURITY ALERTS : Security Alert for Internet Explorer (CVE-2013-3893) (in Japanese)
  4. JPCERT REPORT : Vulnerability in Microsoft Internet Explorer in September 2013 (in Japanese)
Revision History

  Web page was published
  Vendor Information : Contents were added
  Solution was modified
  Vendor Information : Contents were added