Vulnerability Details : CVE-2013-3896
Public exploit exists!
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Products affected by CVE-2013-3896
- cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*
CVE-2013-3896 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Silverlight Information Disclosure Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-3896
Added on: 2022-05-25
Action due date: 2022-06-15
Exploit prediction scoring system (EPSS) score for CVE-2013-3896
- 13.79%: Probability of exploitation activity in the next 30 days
- ~96%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3896
- MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
  Disclosure Date: 2013-03-12
  First seen: 2020-04-26
  exploit/windows/browser/ms13_022_silverlight_script_object
  This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which accesses memory in an unsafe manner. Since it is accessible to untrusted code (user controlled) it's possible
CVSS scores for CVE-2013-3896
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | 2024-06-28 |
References for CVE-2013-3896
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19055
  Repository / Oval Repository (Broken Link)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-087
  Microsoft Security Bulletin MS13-087 - Important | Microsoft Docs (Patch; Vendor Advisory)
- http://www.us-cert.gov/ncas/alerts/TA13-288A
  Microsoft Updates for Multiple Vulnerabilities | CISA (Third Party Advisory; US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19003
  Repository / Oval Repository (Broken Link)