What is the severity of CVE-2013-1297?

CVE-2013-1297 is rated as a critical vulnerability due to its potential for information disclosure.

How do I fix CVE-2013-1297?

To fix CVE-2013-1297, users should update their Microsoft Internet Explorer to the latest version available, ideally moving away from versions 6, 7, or 8.

What can attackers do through CVE-2013-1297?

Attackers can exploit CVE-2013-1297 to perform unauthorized cross-domain reading of JSON files.

Which versions of Microsoft Internet Explorer are affected by CVE-2013-1297?

CVE-2013-1297 affects Microsoft Internet Explorer versions 6, 7, and 8.

Is CVE-2013-1297 exploitable through a web browser?

Yes, CVE-2013-1297 is exploitable through a web browser via a crafted web page designed to take advantage of the vulnerability.

Vulnerability/
CVE-2013-1297

medium

4.3

CWE

200

15/5/2013

12/10/2018

CVE-2013-1297: Infoleak

First published: Wed May 15 2013(Updated: )

Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Internet Explorer	=6
Internet Explorer	=7
Internet Explorer	=8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1297?
CVE-2013-1297 is rated as a critical vulnerability due to its potential for information disclosure.
How do I fix CVE-2013-1297?
To fix CVE-2013-1297, users should update their Microsoft Internet Explorer to the latest version available, ideally moving away from versions 6, 7, or 8.
What can attackers do through CVE-2013-1297?
Attackers can exploit CVE-2013-1297 to perform unauthorized cross-domain reading of JSON files.
Which versions of Microsoft Internet Explorer are affected by CVE-2013-1297?
CVE-2013-1297 affects Microsoft Internet Explorer versions 6, 7, and 8.
Is CVE-2013-1297 exploitable through a web browser?
Yes, CVE-2013-1297 is exploitable through a web browser via a crafted web page designed to take advantage of the vulnerability.

agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/tags
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/internet explorer
version/internet explorer/6
version/internet explorer/7
version/internet explorer/8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2013-1297?
CVE-2013-1297 is rated as a critical vulnerability due to its potential for information disclosure.
How do I fix CVE-2013-1297?
To fix CVE-2013-1297, users should update their Microsoft Internet Explorer to the latest version available, ideally moving away from versions 6, 7, or 8.
What can attackers do through CVE-2013-1297?
Attackers can exploit CVE-2013-1297 to perform unauthorized cross-domain reading of JSON files.
Which versions of Microsoft Internet Explorer are affected by CVE-2013-1297?
CVE-2013-1297 affects Microsoft Internet Explorer versions 6, 7, and 8.
Is CVE-2013-1297 exploitable through a web browser?
Yes, CVE-2013-1297 is exploitable through a web browser via a crafted web page designed to take advantage of the vulnerability.