🟢 CVE-2013-3918

ActiveX control vulnerability in Internet Explorer allowing remote code execution when users visit malicious web pages. This is a client-side vulnerability requiring user interaction, not a server-side vulnerability exploitable over the internet.

Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2013-11-12

Added to CISA KEV: 2025-10-06 (4346 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2013-3918 is a critical security vulnerability that was identified and actively exploited in the wild in November 2013 [1]. It is commonly referred to as the "InformationCardSigninHelper Vulnerability" [1].

Exploitation and Attack Method
  • Nature of Vulnerability: The flaw is an out-of-bounds write vulnerability located in the `InformationCardSigninHelper` Class ActiveX control within `icardie.dll` [1].
  • Attack Vector: It is a remote code execution vulnerability triggered when a user visits a maliciously crafted web page using Internet Explorer [1].
  • Requirements: Successful exploitation required user interaction (visiting the malicious site). Furthermore, in the targeted attacks observed, attackers often combined this vulnerability with a separate information disclosure vulnerability to determine specific file paths or DLL versions on the victim's machine, which allowed them to build more precise, reliable ROP (Return-Oriented Programming) payloads [2].
  • Impact: Successful exploitation allows a remote attacker to execute arbitrary code with the privileges of the logged-in user or cause a denial of service (via the out-of-bounds write) [1].

Threat Landscape and Usage
  • Targeted Attacks: The vulnerability was notably used in targeted attacks, where attackers tailored their exploits to specific victim environments to increase reliability [2].
  • Exploit Kits: The vulnerability was also incorporated into exploit kits, such as the FlashPack EK, indicating that it was used in broader, automated exploitation campaigns beyond just highly specific targeted attacks [4].
  • Ransomware: There is no specific evidence linking this 2013 vulnerability to modern ransomware campaigns; its primary historical usage was associated with targeted espionage and general exploit kit activity.

Affected Products and Mitigation
  • Affected Versions: The vulnerability affected a wide range of Microsoft operating systems, including [1]:
    * Windows XP (SP2, SP3)
    * Windows Server 2003 (SP2)
    * Windows Vista (SP2)
    * Windows Server 2008 (SP2, R2 SP1)
    * Windows 7 (SP1)
    * Windows 8 and 8.1
    * Windows Server 2012 (Gold, R2)
    * Windows RT (Gold, 8.1)
  • Patch Status: Microsoft addressed this vulnerability in November 2013 as part of the MS13-090 security bulletin, which was released to fix the remote code execution flaw [3]. Users were advised to prioritize the deployment of this update immediately upon its release [3].

Sources

  1. NVD - CVE-2013-3918

    Allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet ... CVE-2013-3918 Detail. The InformationCardSigninHelper Class ActiveX…

  2. Technical details of the targeted attack using IE vulnerability...

    Also, this vulnerability requires attackers to have prior knowledge of path and filenames present on targeted machines in order to be successfully exploited. This vulnerability was not used to bypass ASLR, but simply to remotely determine the exact version of a certain DLL on disk in order to build…

  3. Technical details of the targeted attack using IE vulnerability...

    an information disclosure vulnerability (no CVE assigned yet) used by attackers only to improve the reliability of the exploit and to create ROP payloads specifically targeted for the victim’s machine; The remote code execution vulnerability with higher severity rating will be fixed immediately in t…

  4. CVE-2013-3918 - Exploits & Severity - Feedly

    The vulnerability involves an out-of-bounds write flaw that can be triggered by a maliciously crafted web page accessed through Internet Explorer. Impact. ... Threat Intelligence Report. CVE-2013-3918 is a vulnerability associated with exploit kits such as ET EXPLOIT_KIT, specifically targeting the…