Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0074

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2013-0074
Last Modified 02 Nov 2013 11:29:21
Published 12 Mar 2013 08:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0074

Summary

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Vulnerable Systems

Application

  • Microsoft Silverlight 5.0.60401.0

  • Microsoft Silverlight 5.0.60818.0

  • Microsoft Silverlight 5.0.61118.0


References

MS - MS13-022

CERT - TA13-071A

Related Patches

MS13-022 Security Update for Microsoft Silverlight (KB2814124)

MS13-022 2814124 Security Update for Microsoft Silverlight 5 for Mac (See Notes)


Last Updated: 27 May 2016 10:47:24