1. CVE-Search
  2. CVE-2013-3896
ID CVE-2013-3896
Summary Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.0.60818.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.1.10411.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.1.10411.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.1.20125.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.1.20125.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:5.1.20513.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:5.1.20513.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 28-06-2024 - 17:26)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
msbulletin via4
bulletin_id MS13-087
bulletin_url
date 2013-10-08T00:00:00
impact Information Disclosure
knowledgebase_id 2890788
knowledgebase_url
severity Important
title Vulnerability in Silverlight Could Allow Information Disclosure
oval via4
  • accepted 2013-11-26T13:49:21.624-05:00
    class vulnerability
    contributors
    name SecPod Team
    organization SecPod Technologies
    definition_extensions
    comment Microsoft Silverlight 5 is installed
    oval oval:org.mitre.oval:def:16072
    description Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
    family macos
    id oval:org.mitre.oval:def:19003
    status accepted
    submitted 2013-10-15T08:32:29
    title Vulnerability in Silverlight Could Allow Information Disclosure (CVE-2013-3896) - MS13-087 (Mac OS X)
    version 4
  • accepted 2014-04-07T04:02:06.508-04:00
    class vulnerability
    contributors
    • name SecPod Team
      organization SecPod Technologies
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Silverlight 5 is installed
    oval oval:org.mitre.oval:def:15148
    description Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
    family windows
    id oval:org.mitre.oval:def:19055
    status accepted
    submitted 2013-10-15T08:32:29
    title Vulnerability in Silverlight Could Allow Information Disclosure (CVE-2013-3896) - MS13-087
    version 8
refmap via4
cert TA13-288A
Last major update 28-06-2024 - 17:26
Published 09-10-2013 - 14:53
Last modified 28-06-2024 - 17:26
Back to Top