Windows IE Use-After-Free Vulnerability MS13-047

June 21, 2013

Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems. It is one of the most widely used web browsers. It is capable of rendering static and dynamic web content, as well as other web browsing related tasks such as displaying HTML pages, downloading files, parsing various image formats, running different types of multimedia content, and opening files in various formats using various plugins.

The Document Object Model (DOM) is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. Objects in the DOM tree may be addressed and manipulated by using methods on the objects. The public interface of a DOM is specified in its application programming interface (API). Internet Explorer has supported the DOM structure since version 6. In the DOM, all HTML tags and their attributes are stored in a tree-like structure as nodes, along with the text and other literal data that form the leaves of this tree. IE supports dynamic manipulation of the DOM through client-side scripting.

A use-after-free vulnerability exists in Microsoft Internet Explorer in the way it handles one of the DOM objects. The vulnerability affects Microsoft Internet Explorer 6 through 10 and allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Any successfully injected code will be executed in the context of the currently logged-on user.

The Dell SonicWALL threat team has researched this vulnerability and released the following IPS signature:

  • 9954 Windows IE Use-After-Free Vulnerability (MS13-047) 15

This vulnerability is tracked as CVE-2013-3121.