CVE-2013-3896
CVE-2013-3896
In short
Microsoft Silverlight 5 fails to properly check memory pointers when accessing elements, allowing attackers to read sensitive information by tricking users into running a malicious Silverlight application.
Technical detail
A pointer validation vulnerability in Microsoft Silverlight 5 (before 5.1.20913.0) permits remote code execution context to leak sensitive memory information through a crafted application. The attack vector requires user interaction to load and execute the malicious Silverlight content; impact is confidentiality breach without requiring elevated privileges.
Summary generated and translated by AI from the official description.
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/41702unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3896http://www.us-cert.gov/ncas/alerts/TA13-288A