CVE Alert: CVE-2013-3918
CVE-2013-3918
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
AI Summary Analysis
Risk verdict
Why this matters
Most likely attack path
Who is most exposed
Detection ideas
- IE processes loading icardie.dll or making InformationCardSigninHelper ActiveX calls.
- Crashes or memory corruption traces in IE (out-of-bounds write).
- Unusual user-driven navigation to suspected watering-hole domains or anomalous web traffic patterns.
- Post-exploitation indicators: unexpected process spawns, suspicious DLL loads, or unusual network beaconing from user devices.
- Patch status check: systems lacking MS13-090 are high-priority signals.
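A sketch of how the first and fourth ideas can be combined into one triage pass. This is an added example, not part of the original alert. It assumes endpoint telemetry shaped like Sysmon ImageLoad (event ID 7) and ProcessCreate (event ID 1) records, with simplified field names; the hosts, PIDs and timestamps are constructed.

```python
from datetime import datetime, timedelta

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
DLL = r"C:\Windows\System32\icardie.dll"
# Constructed sample events (id 7 = image load, id 1 = process create).
SAMPLE_EVENTS = [
    {"id": 7, "time": "2013-11-12 09:14:02", "host": "WS-014", "pid": 3120,
     "image": IE, "loaded": DLL},
    {"id": 1, "time": "2013-11-12 09:14:09", "host": "WS-014", "pid": 4488,
     "ppid": 3120, "image": r"C:\Windows\System32\rundll32.exe"},
    {"id": 7, "time": "2013-11-12 10:01:30", "host": "WS-022", "pid": 2044,
     "image": IE, "loaded": DLL},
    {"id": 1, "time": "2013-11-12 10:01:41", "host": "WS-022", "pid": 2100,
     "ppid": 2044, "image": IE},
    {"id": 7, "time": "2013-11-12 11:20:00", "host": "WS-030", "pid": 900,
     "image": r"C:\Tools\inventory.exe", "loaded": DLL},
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def triage(events, window=timedelta(minutes=5)):
    """Return (loads, escalations).

    loads: {(host, pid): time} for IE processes that loaded icardie.dll.
    escalations: non-IE children spawned by such a process within `window`.
    """
    loads, escalations = {}, []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        when = parse_time(ev["time"])
        if ev["id"] == 7:
            if (basename(ev["image"]) == "iexplore.exe"
                    and basename(ev["loaded"]) == "icardie.dll"):
                loads.setdefault((ev["host"], ev["pid"]), when)
        elif ev["id"] == 1:
            key, child = (ev["host"], ev["ppid"]), basename(ev["image"])
            # IE starting another iexplore.exe (a tab process) is normal.
            if key in loads and child != "iexplore.exe":
                delay = when - loads[key]
                if delay <= window:
                    escalations.append({"host": ev["host"], "ie_pid": ev["ppid"],
                                        "child": child,
                                        "delay_s": int(delay.total_seconds())})
    return loads, escalations
```

Every entry in `loads` is worth a patch-status check on that host; entries in `escalations` are the ones to hand to incident response first.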
Mitigation and prioritisation
- Apply the MS13-090 patch or equivalent security updates immediately; verify rollout scope.
- Disable or remove the InformationCardSigninHelper ActiveX control; tighten IE security (disable outdated ActiveX, enable Protected View/Enhanced Protected Mode).
- Implement network and endpoint controls: restrict IE from loading ActiveX, enforce least privilege, and consider EMET/Defence Guard where available.
- Incident response readiness: ensure quick containment, re-imaging plans for affected hosts, and asset discovery to identify exposed endpoints.
- Treat as priority 1 given exploitation activity and potential for rapid realisation of impact.