Executive Summary
Summary | |
---|---|
Title | Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) |
Information | |||
---|---|---|---|
Name | MS13-022 | First vendor Publication | 2013-03-12 |
Vendor | Microsoft | Last vendor Modification | 2013-04-03 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.2 (April 3, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes" and clarified that installing the update will upgrade previous versions of Silverlight to Silverlight version 5.1.20125.0.
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-022
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16516 | |||
Oval ID: | oval:org.mitre.oval:def:16516 | ||
Title: | Double dereference vulnerability in Microsoft Silverlight - MS13-022 | ||
Description: | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0074 | Version: | 6 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 8, Microsoft Windows Server 2012 | Product(s): | Microsoft Silverlight 5 |
Definition Id: oval:org.mitre.oval:def:16565 | |||
Oval ID: | oval:org.mitre.oval:def:16565 | ||
Title: | Double dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X) | ||
Description: | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2013-0074 | Version: | 3 |
Platform(s): | Apple Mac OS X, Apple Mac OS X Server | Product(s): | Microsoft Silverlight 5 for Mac |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-11-27 | MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-03-14 | IAVM : 2013-A-0064 - Microsoft Silverlight Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0037405 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-22 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 37801 - Revision : 3 - Type : BROWSER-PLUGINS |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-30 | Angler exploit kit XORed payload download attempt RuleID : 29066 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Angler exploit kit payload download attempt RuleID : 28616 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Angler exploit kit exploit download attempt RuleID : 28615 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Angler exploit kit landing page RuleID : 28614 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Angler exploit kit landing page - specific-structure RuleID : 28613 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Silverlight exploit download RuleID : 28612 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28584 - Revision : 6 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28583 - Revision : 6 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28582 - Revision : 6 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28581 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28580 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28579 - Revision : 7 - Type : BROWSER-PLUGINS |
Metasploit Database
id | Description |
---|---|
2013-03-12 | MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-09 | Name : A multimedia application framework installed on the remote Mac OS X host is a... File : macosx_ms13-087.nasl - Type : ACT_GATHER_INFO |
2013-10-09 | Name : A browser enhancement on the remote Windows host is affected by an informatio... File : smb_nt_ms13-087.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : A multimedia application framework installed on the remote Mac OS X host is a... File : macosx_ms13-022.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : A browser enhancement on the remote Windows host could allow arbitrary code e... File : smb_nt_ms13-022.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:14 | |
2016-04-27 02:01:21 | |
2015-02-20 13:24:19 | |
2014-02-17 11:47:35 | |
2014-01-19 21:30:56 | |
2014-01-03 17:19:08 | |
2013-12-01 21:18:44 | |
2013-11-11 12:41:32 | |
2013-11-04 21:33:39 | |
2013-04-03 21:19:22 | |
2013-04-03 21:15:35 | |
2013-03-16 18:31:55 | |
2013-03-12 22:08:53 | |
2013-03-12 22:05:17 | |