[CVE-2013-0074] Microsoft Silverlight Double Dereference Vulnerability

CISA KEV 정보

취약점명	Microsoft Silverlight Double Dereference Vulnerability
설명	Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.
조치사항	The impacted product is end-of-life and should be disconnected if still in use.
랜섬웨어 캠페인 악용	Known
등록일 (KEV)	2022-05-25
조치 기한	2022-06-15
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2013-0074

NVD 상세 정보

CVSS v3.1: 7.8 HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

설명: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

참조

http://www.us-cert.gov/ncas/alerts/TA13-071A [Third Party Advisory, US Government Resource]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022 [Patch, Vendor Advisory]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516 [Broken Link]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565 [Broken Link]
http://www.us-cert.gov/ncas/alerts/TA13-071A [Third Party Advisory, US Government Resource]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022 [Patch, Vendor Advisory]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516 [Broken Link]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565 [Broken Link]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0074

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2013-0074] Microsoft Silverlight Double Dereference Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍