# Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free # Date: 15/05/2021 # CVE : CVE-2013-3893 # PoC: https://github.com/travelworld/cve_2013_3893_trigger.html/blob/gh-pages/params.json # Exploit Author: SlidingWindow # Vendor Advisory: https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2887505?redirectedfrom=MSDN # Tested on: Microsoft Internet Explorer 8 (version: 8.0.7601.17514) on Windows 7 SP1 (Version 6.1 Build 7601 SP1) # Bypasses: DEP, ASLR using MSVCR71.DLL # Thanks to @corelanc0d3r for awesome Heap Exploitation Training and @offsectraining for OSCP training