CVE-2013-3893

ENISA EUVD: EUVD-2013-3825
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 · 6 articles · Published: 2013-09-18

EPSS Score

Source: FIRST.org · 2026-05-23
This CVE has an 82.61% probability of being exploited in the next 30 days.
Percentile: 99.3rd of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8 HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3 HIGH
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

Affected Products

n/a
n/a

Attack Intelligence

Signal Intelligence

Confidence: 85%
EPSS: 82.61%
CVSS v3.1: 8.8
Mentions: 6

CNA Information

CNA Assigner: microsoft

Analyst Note

CVE-2013-3893 is explicitly named as an Internet Explorer zero-day exploited in the wild via watering hole attacks targeting Japanese users, with exploitation documented by FireEye. The 2013 CVE year and active exploitation reports align with the zero-day timeline, and the vulnerability was being exploited before patches were publicly available.

Threat Actors 2

RomCom
apt_group Financial gain 🇷🇺 RU
Void Rabisu
apt_group Financial gain 🇷🇺 RU

Triage Info

Decided at: Mar 20, 2026
Published Date: Sep 18, 2013