ID CVE-2013-0074
Summary Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
References
Vulnerable Configurations
  • Microsoft Silverlight 5.0.60401.0
    cpe:2.3:a:microsoft:silverlight:5.0.60401.0
  • Microsoft Silverlight 5.0.60818.0
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc
  • Microsoft Silverlight 5.0.61118.0
    cpe:2.3:a:microsoft:silverlight:5.0.61118.0
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft Windows Server 2008 R2 Service Pack 1
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
  • Microsoft Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012
  • Microsoft Silverlight 5.0.60401.0
    cpe:2.3:a:microsoft:silverlight:5.0.60401.0
  • Microsoft Silverlight 5.0.60818.0
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc
  • Microsoft Silverlight 5.0.61118.0
    cpe:2.3:a:microsoft:silverlight:5.0.61118.0
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Windows 8 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_8:-:-:x64
  • Windows 8 x86 (32-bit)
    cpe:2.3:o:microsoft:windows_8:-:-:x86
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Silverlight 5.0.60401.0
    cpe:2.3:a:microsoft:silverlight:5.0.60401.0
  • Microsoft Silverlight 5.0.60818.0
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc
  • Microsoft Silverlight 5.0.61118.0
    cpe:2.3:a:microsoft:silverlight:5.0.61118.0
  • Apple Mac OS
    cpe:2.3:o:apple:mac_os
CVSS
Base: 9.3 (as of 03-11-2016 - 14:24)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022). CVE-2012-0016,CVE-2013-0074. Remote exploit for windows platform
id EDB-ID:29858
last seen 2016-02-03
modified 2013-11-27
published 2013-11-27
reporter metasploit
source https://www.exploit-db.com/download/29858/
title Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access MS12-022
metasploit via4
description This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible to dereference arbitrary memory which easily leverages to arbitrary code execution. In order to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class from System.Windows.dll. This module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1.
id MSF:EXPLOIT/WINDOWS/BROWSER/MS13_022_SILVERLIGHT_SCRIPT_OBJECT
last seen 2019-02-24
modified 2017-07-24
published 2013-11-22
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
title MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
msbulletin via4
bulletin_id MS13-022
bulletin_url
date 2013-03-12T00:00:00
impact Remote Code Execution
knowledgebase_id 2814124
knowledgebase_url
severity Critical
title Vulnerability in Silverlight Could Allow Remote Code Execution
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_MS13-022.NASL
    description The version of Microsoft Silverlight installed on the remote host reportedly incorrectly checks a memory pointer when rendering an HTML object, which could allow a specially crafted application to access memory in an unsafe fashion. If an attacker could trick a user on the affected system into visiting a website hosting a malicious Silverlight application, the attacker could leverage this vulnerability to execute arbitrary code on the affected system, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 65216
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65216
    title MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) (Mac OS X)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS13-022.NASL
    description The version of Microsoft Silverlight installed on the remote host reportedly incorrectly checks a memory pointer when rendering an HTML object, which could allow a specially crafted application to access memory in an unsafe fashion. If an attacker could trick a user on the affected system into visiting a website hosting a malicious Silverlight application, the attacker could leverage this vulnerability to execute arbitrary code on the affected system, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 65211
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65211
    title MS13-022: Vulnerability in Microsoft Silverlight Could Allow Remote Code Execution (2814124)
oval via4
  • accepted 2014-04-07T04:02:00.457-04:00
    class vulnerability
    contributors
    • name SecPod Team
      organization SecPod Technologies
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Silverlight 5 is installed
    oval oval:org.mitre.oval:def:15148
    description Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
    family windows
    id oval:org.mitre.oval:def:16516
    status accepted
    submitted 2013-03-14T10:20:37
    title Double dereference vulnerability in Microsoft Silverlight - MS13-022
    version 8
  • accepted 2013-04-29T04:17:16.198-04:00
    class vulnerability
    contributors
    name SecPod Team
    organization SecPod Technologies
    definition_extensions
    comment Microsoft Silverlight 5 is installed
    oval oval:org.mitre.oval:def:16072
    description Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
    family macos
    id oval:org.mitre.oval:def:16565
    status accepted
    submitted 2013-03-14T10:20:37
    title Double dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X)
    version 4
packetstorm via4
data source https://packetstormsecurity.com/files/download/124182/ms13_022_silverlight_script_object.rb.txt
id PACKETSTORM:124182
last seen 2016-12-05
published 2013-11-26
reporter Vitaliy Toropov
source https://packetstormsecurity.com/files/124182/Microsoft-Internet-Explorer-COALineDashStyleArray-Unsafe-Memory-Access.html
title Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
refmap via4
cert TA13-071A
ms MS13-022
the hacker news via4
id THN:BC65D2F30C85103414F6BD1EC204BB05
last seen 2018-01-27
modified 2014-05-21
published 2014-05-21
reporter Mohit Kumar
source https://thehackernews.com/2014/05/netflix-users-targeted-by-microsoft.html
title Netflix Users Targeted by Microsoft Silverlight Exploits
Last major update 03-11-2016 - 15:04
Published 12-03-2013 - 20:55
Last modified 26-02-2019 - 09:04
Back to Top