Vulnerability Details CVE-2013-3896
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.783
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
Proposed Action
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.
Ransomware Campaign
Unknown
References
- http://www.us-cert.gov/ncas/alerts/TA13-288A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055
- http://www.us-cert.gov/ncas/alerts/TA13-288A
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055
Products affected by CVE-2013-3896
-
cpe:2.3:a:microsoft:silverlight:5.0
-
cpe:2.3:a:microsoft:silverlight:5.0.60401.0
-
cpe:2.3:a:microsoft:silverlight:5.0.60818.0
-
cpe:2.3:a:microsoft:silverlight:5.0.61118.0
-
cpe:2.3:a:microsoft:silverlight:5.1.10411.0
-
cpe:2.3:a:microsoft:silverlight:5.1.20125.0
-
cpe:2.3:a:microsoft:silverlight:5.1.20513.0