
CVE-2013-0074

Published: 13/03/2013 Updated: 22/09/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Silverlight 5, and 5 Developer Runtime, prior to 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote malicious users to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Vulnerable Product

microsoft silverlight

microsoft silverlight 5.0.60401.0

microsoft silverlight 5.0.60818.0

Exploits

This Metasploit module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which accesses memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible to dereference arbitrary memory which easily leverages to arbitrary ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer MANIFEST = <<-EOS <Deployment xmlns="schemasmi ...
## # This module requires Metasploit: http://metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer MANIFEST = <<-EOS <Deployment xmlns="schemasmicrosof ...

Github Repositories

Malicious HTTP traffic explorer

CapTipper v0.3

CapTipper v0.3: www.omriher.com/2015/08/captipper-v03-is-out.html
CapTipper v0.2: www.omriher.com/2015/03/captipper-02-released.html
CapTipper v0.1: www.omriher.com/2015/01/captipper-malicious-http-traffic.html

CapTipper is a Python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly a

Recent Articles

Jamie Oliver serves up steaming pile of malware
The Register • Darren Pauli • 18 Feb 2015

Hacker recipe: a dash of Flash, a sprinkle of Silverlight, a pinch of Java and YOU'RE DONE

Tousle-haired celebrity chef Jamie Oliver has served up a stomach-churning exploit kit to those who visit his web site. His eponymous .com site, ranked 519 in the UK and drawing some 10 million visitors a month was compromised to plate-up the foul-tasting Fiesta exploit kit to compromise user machines. Malwarebytes senior researcher Jérôme Segura said crook cooks orchestrated a "carefully and well hidden" attack and hid an iframe URL with base-64 encoding. "The web masters will need to look fo...

Biter bitten as hacker leaks source code for popular exploit kit
The Register • Darren Pauli • 13 Feb 2015

There is no honour among thieves

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...

Oi! Rip Van Winkle: PATCH, already
The Register • Darren Pauli • 20 Aug 2014

Stuxnet, Sality, Gauss, Flame still infecting your unpatched boxen

Nearly 20 million computers remain infected with malware targeting a vulnerability first targeted four years ago by the Stuxnet worm. The flaw (CVE-2010-2568) was a Windows operating system bug in the way shortcuts worked allowing quiet download of the random dynamic library on Win Server 2003 and XP through to version 7. Since July 2010 it has continued to power the Sality worm, and fueled Stuxnet and its derivatives Flame and Gauss on unpatched machines. The Red October malware emerged in Janu...