Vulnerability Details : CVE-2013-3896
Public exploit exists!
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Vulnerability category: Input validation
CVE-2013-3896 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Silverlight Information Disclosure Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.
Added on: 2022-05-25
Action due date: 2022-06-15
Exploit prediction scoring system (EPSS) score for CVE-2013-3896
Probability of exploitation activity in the next 30 days: 23.94%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 %
Metasploit modules for CVE-2013-3896
- MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
  Disclosure Date: 2013-03-12
  First seen: 2020-04-26
  exploit/windows/browser/ms13_022_silverlight_script_object
  This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which accesses memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible
CVSS scores for CVE-2013-3896
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2013-3896
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3896
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055
  Repository / Oval Repository
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087
  Microsoft Security Bulletin MS13-087 - Important | Microsoft Docs
- http://www.us-cert.gov/ncas/alerts/TA13-288A
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003
  Repository / Oval Repository
Products affected by CVE-2013-3896
- cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.1.20125.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.1.10411.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.0.60818.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.1.20513.0:*:*:*:*:*:*:*