What is the severity of CVE-2013-0090?

CVE-2013-0090 has a critical severity rating as it allows remote execution of arbitrary code.

How do I fix CVE-2013-0090?

To fix CVE-2013-0090, you should apply the latest security patches released by Microsoft for Internet Explorer.

What versions of Internet Explorer are affected by CVE-2013-0090?

CVE-2013-0090 affects Internet Explorer versions 6 through 10.

Can I find CVE-2013-0090 in Windows 7 or Windows 8?

CVE-2013-0090 does not affect Windows 7 or Windows 8 as they use versions of Internet Explorer that are not vulnerable.

What attack vectors are associated with CVE-2013-0090?

CVE-2013-0090 can be exploited through a specially crafted website that triggers access to a deleted object.

Vulnerability/
CVE-2013-0090

critical

9.3

CWE

399 416

13/3/2013

16/1/2025

CVE-2013-0090: Use After Free

First published: Wed Mar 13 2013(Updated: )

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
All of
Internet Explorer	=6
Any of
Microsoft Windows Server 2003	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Internet Explorer	=7
Any of
Microsoft Windows Server 2003	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Internet Explorer	=8
Any of
Microsoft Windows 7
Microsoft Windows 7	=sp1
Microsoft Windows 7	=sp1
Microsoft Windows Server 2003	=sp2
Microsoft Windows Server 2008 Itanium	=r2
Microsoft Windows Server 2008 Itanium	=r2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Internet Explorer	=9
Any of
Microsoft Windows 7
Microsoft Windows 7	=sp1
Microsoft Windows 7	=sp1
Microsoft Windows Server 2008 Itanium	=r2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp2
All of
Internet Explorer	=10
Any of
Microsoft Windows 8.0
Microsoft Windows 8.0
Microsoft Windows RT
Microsoft Windows Server 2012 x64
Internet Explorer	=6
Microsoft Windows Server 2003	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
Internet Explorer	=7
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp2
Internet Explorer	=8
Microsoft Windows 7
Microsoft Windows 7	=sp1
Microsoft Windows 7	=sp1
Microsoft Windows Server 2008 Itanium	=r2
Microsoft Windows Server 2008 Itanium	=r2
Internet Explorer	=9
Internet Explorer	=10
Microsoft Windows 8.0
Microsoft Windows 8.0
Microsoft Windows RT
Microsoft Windows Server 2012 x64

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-0090?
CVE-2013-0090 has a critical severity rating as it allows remote execution of arbitrary code.
How do I fix CVE-2013-0090?
To fix CVE-2013-0090, you should apply the latest security patches released by Microsoft for Internet Explorer.
What versions of Internet Explorer are affected by CVE-2013-0090?
CVE-2013-0090 affects Internet Explorer versions 6 through 10.
Can I find CVE-2013-0090 in Windows 7 or Windows 8?
CVE-2013-0090 does not affect Windows 7 or Windows 8 as they use versions of Internet Explorer that are not vulnerable.
What attack vectors are associated with CVE-2013-0090?
CVE-2013-0090 can be exploited through a specially crafted website that triggers access to a deleted object.

agent/references
agent/author
agent/type
agent/weakness
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/internet explorer
version/internet explorer/6
canonical/microsoft windows server 2003
version/microsoft windows server 2003/sp2
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/microsoft windows xp/sp3
version/internet explorer/7
canonical/microsoft windows server 2008 itanium
version/microsoft windows server 2008 itanium/sp2
canonical/microsoft windows vista
version/microsoft windows vista/sp2
version/internet explorer/8
canonical/microsoft windows 7
version/microsoft windows 7/sp1
version/microsoft windows server 2008 itanium/r2
version/internet explorer/9
version/internet explorer/10
canonical/microsoft windows 8.0
canonical/microsoft windows rt
canonical/microsoft windows server 2012 x64

CVE-2013-0090: Use After Free

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-0090?

How do I fix CVE-2013-0090?

What versions of Internet Explorer are affected by CVE-2013-0090?

Can I find CVE-2013-0090 in Windows 7 or Windows 8?

What attack vectors are associated with CVE-2013-0090?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-0090?

How do I fix CVE-2013-0090?

What versions of Internet Explorer are affected by CVE-2013-0090?

Can I find CVE-2013-0090 in Windows 7 or Windows 8?

What attack vectors are associated with CVE-2013-0090?