CVE-2013-0074

Summary

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Severity
High
Severity Score

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-ID

NVD-CWE-noinfo

References
http://www.us-cert.gov/ncas/alerts/TA13-071A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022
Mitigation and Patches
Exploits
https://www.exploit-db.com/exploits/41702
https://www.exploit-db.com/exploits/29858
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://blog.malwarebytes.com/threat-analysis/2013/11/streaming-netflix-on-your-pc-beware-of-silverlight-exploit/
Metasploit Payload
http://www.securityfocus.com/bid/58327
http://www.securityfocus.com/bid/62793
http://technet.microsoft.com/en-us/security/bulletin/MS13-022
http://technet.microsoft.com/en-us/security/bulletin/MS13-087
https://packetstormsecurity.com/files/123731
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb