var-201303-0226
Vulnerability from variot
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability.". Microsoft Silverlight is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. The platform enables building interactive applications for web, desktop and mobile devices. The vulnerability is caused by the program not properly validating pointers during rendering of HTML objects. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.
+------------------------------------------------------------------------------+
+---------+ | DETAILS | +---------+
A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method.
BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property.
+------------------------------------------------------------------------------+
+------------------+ | PROOF OF CONCEPT | +------------------+
The full exploit code demonstrating code execution is available here: http://packetstormsecurity.com/files/123731/
+------------------------------------------------------------------------------+
+---------------+ | RELATED LINKS | +---------------+
http://technet.microsoft.com/en-us/security/bulletin/ms13-022 http://technet.microsoft.com/en-us/security/bulletin/ms13-087
+------------------------------------------------------------------------------+
+----------------+ | SHAMELESS PLUG | +----------------+
The Packet Storm Bug Bounty program gives researchers the ability to profit from their discoveries. You can get paid thousands of dollars for one day and zero day exploits. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Awareness System TA13-071A: Microsoft Updates for Multiple Vulnerabilities
Original release date: March 12, 2013
Systems Affected
- Microsoft Windows
- Microsoft Internet Explorer
- Microsoft Office
- Microsoft Server Software
- Microsoft Silverlight
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for March 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.
Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
References
- Microsoft Security Bulletin Summary for March 2013
- Microsoft Windows Server Update Services
- Microsoft Update
- Microsoft Update Overview
- Turn Automatic Updating On or Off
Revision History
- March 12, 2013: Initial release
Relevant URL(s): http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
http://windows.microsoft.com/en-us/windows7/Updating-your-computer
http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
http://technet.microsoft.com/en-us/wsus/default.aspx
http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
Produced by US-CERT, a government organization.
This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification/
Privacy & Use policy: http://www.us-cert.gov/privacy/
This document can also be found at http://www.us-cert.gov/ncas/alerts/TA13-071A
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBUT98/HdnhE8Qi3ZhAQKWWAf/fFZnHgZvmXQXTRrAfeBn+/18xGeY63vY sMMFOdouCtqpG4C9ITzdIsBjRvTCdnAGPHRAArLrwzUxNVGw0ItIMlZ+tiNQ5wnK lPa//1eqCnNmVcZQCui28R4NJ/tCn09MJD3GANhRHsy6v6bp09xuGDF5RXTJuY4x gGfkc3t0+RQNdvpk3iFh0DtasMLnc6+u2bXMpfFD2aptKXGkFWQ9fQQOBECukPTZ 4BoQxT4+rUoeWUDn2qQvorSy7NHLGJI4m81Wm3JF+El9by/BuMKr3zArM0eV/3eq onzUCjhoBC8VEhtAK5h+ZvizRMGJO26XY+YE9fi8/R/zULJRikFmBw== =xdJ3 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "silverlight",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "silverlight",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.1.20125.0"
},
{
"model": "microsoft silverlight",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft silverlight",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "5"
},
{
"model": "microsoft silverlight",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "5 developer runtime 5.1.20125.0"
},
{
"model": "silverlight",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0.60401.0"
},
{
"model": "silverlight",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0.60818.0"
},
{
"model": "silverlight",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0.61118.0"
},
{
"model": "silverlight",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "58327"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "James Forshaw of Context Information Security",
"sources": [
{
"db": "BID",
"id": "58327"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0074",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-0074",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-60076",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2013-0074",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-0074",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0074",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-0074",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-258",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-60076",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-0074",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka \"Silverlight Double Dereference Vulnerability.\". Microsoft Silverlight is prone to a remote code-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. The platform enables building interactive applications for web, desktop and mobile devices. The vulnerability is caused by the program not properly validating pointers during rendering of HTML objects. These details were \nobtained through the Packet Storm Bug Bounty program and are being released \nto the community. \n\n+------------------------------------------------------------------------------+\n\n+---------+\n| DETAILS |\n+---------+\n\nA memory disclosure vulnerability exists in the public WriteableBitmap class\nfrom System.Windows.dll. This class allows reading of image pixels from the \nuser-defined data stream via the public SetSource() method. \n\nBitmapSource.ReadStream() allocates and returns byte array and a count of array\nitems as out parameters. These returned values are taken from the input stream\nand they can be fully controlled by the untrusted code. When returned \"count\" \nis greater than \"array.Length\", then data outside the \"array\" are used as input \nstream data by the native BitmapSource_SetSource() from agcore.dll. Later all \ndata can be viewed via the public WriteableBitmap.Pixels[] property. \n\n\n+------------------------------------------------------------------------------+\n\n+------------------+\n| PROOF OF CONCEPT |\n+------------------+\n\nThe full exploit code demonstrating code execution is available here:\nhttp://packetstormsecurity.com/files/123731/\n\n+------------------------------------------------------------------------------+\n\n+---------------+\n| RELATED LINKS |\n+---------------+\n\nhttp://technet.microsoft.com/en-us/security/bulletin/ms13-022\nhttp://technet.microsoft.com/en-us/security/bulletin/ms13-087\n\n+------------------------------------------------------------------------------+\n\n\n+----------------+\n| SHAMELESS PLUG |\n+----------------+\n\nThe Packet Storm Bug Bounty program gives researchers the ability to profit \nfrom their discoveries. You can get paid thousands of dollars for one day \nand zero day exploits. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\nTA13-071A: Microsoft Updates for Multiple Vulnerabilities\n\nOriginal release date: March 12, 2013\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n * Microsoft Office\n * Microsoft Server Software\n * Microsoft Silverlight\n\nOverview\n\nSelect Microsoft software products contain multiple vulnerabilities. \nMicrosoft has released updates to address these vulnerabilities. \n\nDescription\n\nThe Microsoft Security Bulletin Summary for March 2013 describes\nmultiple vulnerabilities in Microsoft software. Microsoft has released\nupdates to address these vulnerabilities. \n\nSolution\n\nApply Updates\n\nMicrosoft has provided updates for these vulnerabilities in the\nMicrosoft Security Bulletin Summary for March 2013, which describes any\nknown issues related to the updates. Administrators are encouraged to\nnote these issues and test for any potentially adverse effects. In\naddition, administrators should consider using an automated update\ndistribution system such as Windows Server Update Services (WSUS). Home\nusers are encouraged to enable automatic updates. \n\nReferences\n\n * Microsoft Security Bulletin Summary for March 2013\n * Microsoft Windows Server Update Services\n * Microsoft Update\n * Microsoft Update Overview\n * Turn Automatic Updating On or Off\n\nRevision History\n\n * March 12, 2013: Initial release\n\nRelevant URL(s):\n\u003chttp://technet.microsoft.com/en-us/security/bulletin/ms13-mar\u003e\n\n\u003chttp://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en\u0026amp;amp;\u0026amp;amp;thankspage=5\u0026amp;ln=en\u0026amp;thankspage=5\u003e\n\n\u003chttp://windows.microsoft.com/en-us/windows7/Updating-your-computer\u003e\n\n\u003chttp://technet.microsoft.com/en-us/windowsserver/bb332157.aspx\u003e\n\n\u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n\u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n\u003chttp://technet.microsoft.com/en-us/security/bulletin/ms13-mar\u003e\n\n____________________________________________________________________\n\n Produced by US-CERT, a government organization. \n____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification/\n\nPrivacy \u0026 Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/ncas/alerts/TA13-071A\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUT98/HdnhE8Qi3ZhAQKWWAf/fFZnHgZvmXQXTRrAfeBn+/18xGeY63vY\nsMMFOdouCtqpG4C9ITzdIsBjRvTCdnAGPHRAArLrwzUxNVGw0ItIMlZ+tiNQ5wnK\nlPa//1eqCnNmVcZQCui28R4NJ/tCn09MJD3GANhRHsy6v6bp09xuGDF5RXTJuY4x\ngGfkc3t0+RQNdvpk3iFh0DtasMLnc6+u2bXMpfFD2aptKXGkFWQ9fQQOBECukPTZ\n4BoQxT4+rUoeWUDn2qQvorSy7NHLGJI4m81Wm3JF+El9by/BuMKr3zArM0eV/3eq\nonzUCjhoBC8VEhtAK5h+ZvizRMGJO26XY+YE9fi8/R/zULJRikFmBw==\n=xdJ3\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0074"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "BID",
"id": "58327"
},
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "PACKETSTORM",
"id": "123732"
},
{
"db": "PACKETSTORM",
"id": "120779"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41702",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-60076",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0074",
"trust": 3.9
},
{
"db": "USCERT",
"id": "TA13-071A",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA15-119A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258",
"trust": 0.7
},
{
"db": "BID",
"id": "58327",
"trust": 0.5
},
{
"db": "EXPLOIT-DB",
"id": "41702",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "123731",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "123732",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "29858",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124182",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-60076",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-0074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120779",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "BID",
"id": "58327"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "PACKETSTORM",
"id": "123732"
},
{
"db": "PACKETSTORM",
"id": "123731"
},
{
"db": "PACKETSTORM",
"id": "120779"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"id": "VAR-201303-0226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-60076"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:28:21.765000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TA13-071A",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/security/bulletin/ms13-022"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/02/18/jamie_oliver_exploit_kit/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/02/13/rig_exploit_kit_source_code_leak/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/08/20/oi_rip_van_winkle_patch_already/"
},
{
"title": "https://github.com/omriher/CapTipper",
"trust": 0.1,
"url": "https://github.com/omriher/CapTipper "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/archie-exploit-kit-targets-adobe-silverlight-vulnerabilities/108317/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/netflixers-beware-angler-exploit-kit-targets-silverlight-vulnerability/102968/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/ncas/alerts/ta13-071a"
},
{
"trust": 1.8,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022"
},
{
"trust": 1.8,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16516"
},
{
"trust": 1.8,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16565"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta13-071a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/ta/jvnta99041988/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0074"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2013/at130015.txt"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=11017"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta15-119a"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3896"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0074"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/omriher/captipper"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/58327"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41702/"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58327"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/bugbounty/"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms13-022"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms13-087"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/123731/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/privacy/notification/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/privacy/"
},
{
"trust": 0.1,
"url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms13-mar\u003e"
},
{
"trust": 0.1,
"url": "http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en\u0026amp;amp;\u0026amp;amp;thankspage=5\u0026amp;ln=en\u0026amp;thankspage=5\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/mailing-lists-and-feeds/"
},
{
"trust": 0.1,
"url": "http://windows.microsoft.com/en-us/windows7/updating-your-computer\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "BID",
"id": "58327"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "PACKETSTORM",
"id": "123732"
},
{
"db": "PACKETSTORM",
"id": "123731"
},
{
"db": "PACKETSTORM",
"id": "120779"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-60076"
},
{
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"db": "BID",
"id": "58327"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"db": "PACKETSTORM",
"id": "123732"
},
{
"db": "PACKETSTORM",
"id": "123731"
},
{
"db": "PACKETSTORM",
"id": "120779"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-60076"
},
{
"date": "2013-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"date": "2013-03-12T00:00:00",
"db": "BID",
"id": "58327"
},
{
"date": "2013-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"date": "2013-10-23T01:03:08",
"db": "PACKETSTORM",
"id": "123732"
},
{
"date": "2013-10-23T00:55:43",
"db": "PACKETSTORM",
"id": "123731"
},
{
"date": "2013-03-13T05:05:00",
"db": "PACKETSTORM",
"id": "120779"
},
{
"date": "2013-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"date": "2013-03-13T00:55:01.137000",
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-26T00:00:00",
"db": "VULHUB",
"id": "VHN-60076"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2013-0074"
},
{
"date": "2013-11-27T00:24:00",
"db": "BID",
"id": "58327"
},
{
"date": "2024-07-04T06:49:00",
"db": "JVNDB",
"id": "JVNDB-2013-001803"
},
{
"date": "2019-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-258"
},
{
"date": "2024-11-21T01:46:49.873000",
"db": "NVD",
"id": "CVE-2013-0074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "123731"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft\u00a0Silverlight\u00a05\u00a0 and \u00a0Silverlight\u00a05\u00a0Developer\u00a0Runtime\u00a0 Vulnerability to execute arbitrary code in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001803"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-258"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.