CVE-2013-0074

Warnung

EPSS 93.05%
Veröffentlicht 13.03.2013 00:55:01
Zuletzt bearbeitet 22.10.2025 01:15:46
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Silverlight Version >= 5.0 < 5.1.20125.0

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Silverlight Double Dereference Vulnerability

Schwachstelle

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Beschreibung

The impacted product is end-of-life and should be disconnected if still in use.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.05%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

http://www.us-cert.gov/ncas/alerts/TA13-071A

Third Party Advisory

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0074

https://nvd.nist.gov/vuln/detail/CVE-2013-0074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0074

EUVD