Executive Summary

Informations
Name CVE-2013-0074 First vendor Publication 2013-03-12
Vendor Cve Last vendor Modification 2025-03-14

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score 7.8
Base Score 7.8 Environmental Score 7.8
impact SubScore 5.9 Temporal Score 7.8
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required None User Interaction Required
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0074

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16516
 
Oval ID: oval:org.mitre.oval:def:16516
Title: Double dereference vulnerability in Microsoft Silverlight - MS13-022
Description: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0074
 Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Microsoft Silverlight 5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16565
 
Oval ID: oval:org.mitre.oval:def:16565
Title: Double dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X)
Description: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Family: macos Class: vulnerability
Reference(s): CVE-2013-0074
 Version: 3
Platform(s): Apple Mac OS X
Apple Mac OS X Server
 Product(s): Microsoft Silverlight 5 for Mac
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

ExploitDB Exploits

id Description
2013-11-27 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-03-14 IAVM : 2013-A-0064 - Microsoft Silverlight Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0037405

Snort® IPS/IDS

Date Description
2016-03-22 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 37801 - Revision : 3 - Type : BROWSER-PLUGINS
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-30 Angler exploit kit XORed payload download attempt
RuleID : 29066 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Angler exploit kit payload download attempt
RuleID : 28616 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Angler exploit kit exploit download attempt
RuleID : 28615 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Angler exploit kit landing page
RuleID : 28614 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Angler exploit kit landing page - specific-structure
RuleID : 28613 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit Silverlight exploit download
RuleID : 28612 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28584 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28583 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28582 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28581 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28580 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28579 - Revision : 7 - Type : BROWSER-PLUGINS

Metasploit Database

id Description
2013-03-12 MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access

Nessus® Vulnerability Scanner

Date Description
2013-10-09 Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms13-087.nasl - Type : ACT_GATHER_INFO
2013-10-09 Name : A browser enhancement on the remote Windows host is affected by an informatio...
File : smb_nt_ms13-087.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms13-022.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : A browser enhancement on the remote Windows host could allow arbitrary code e...
File : smb_nt_ms13-022.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://www.us-cert.gov/ncas/alerts/TA13-071A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Date Informations
2025-03-14 21:22:02
  • Multiple Updates
2025-02-11 17:21:36
  • Multiple Updates
2024-12-20 00:21:19
  • Multiple Updates
2024-11-28 12:32:57
  • Multiple Updates
2024-06-28 21:27:58
  • Multiple Updates
2021-09-22 21:23:57
  • Multiple Updates
2020-05-23 13:17:01
  • Multiple Updates
2020-05-23 01:50:36
  • Multiple Updates
2020-05-23 00:35:38
  • Multiple Updates
2019-05-09 12:05:02
  • Multiple Updates
2019-02-26 17:19:38
  • Multiple Updates
2018-10-31 00:20:26
  • Multiple Updates
2018-10-13 05:18:37
  • Multiple Updates
2017-09-19 09:25:38
  • Multiple Updates
2017-06-30 12:00:44
  • Multiple Updates
2016-11-04 00:23:09
  • Multiple Updates
2016-08-05 12:04:08
  • Multiple Updates
2016-06-28 22:15:00
  • Multiple Updates
2016-04-26 22:38:00
  • Multiple Updates
2015-04-30 21:26:03
  • Multiple Updates
2014-02-17 11:15:10
  • Multiple Updates
2014-01-30 21:20:36
  • Multiple Updates
2014-01-19 21:29:03
  • Multiple Updates
2014-01-03 17:19:02
  • Multiple Updates
2013-12-01 21:18:43
  • Multiple Updates
2013-11-11 12:40:07
  • Multiple Updates
2013-11-04 21:24:39
  • Multiple Updates
2013-05-10 22:27:47
  • Multiple Updates
2013-05-04 17:20:21
  • Multiple Updates
2013-03-16 18:31:00
  • First insertion