CVE-2013-0074
In short
Microsoft Silverlight improperly validates pointers when rendering HTML objects, allowing attackers to execute arbitrary code through a malicious Silverlight application.
Technical detail
A pointer validation flaw in Silverlight 5 and 5 Developer Runtime (before 5.1.20125.0) during HTML object rendering can be exploited by remote attackers to achieve arbitrary code execution. The attack vector requires the victim to load a crafted Silverlight application in a browser context where Silverlight is installed and enabled.
Summary generated and translated by AI from the official description.
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 2
exploitdb · www.exploit-db.com/exploits/41702 · unverified
exploitdb · www.exploit-db.com/exploits/29858 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0074
http://www.us-cert.gov/ncas/alerts/TA13-071A