Pointer Validation Issue in Microsoft Silverlight 5
CVE-2013-3896

5.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Silverlight
Vendor
CVE Published:
9 October 2013

Badges

👾 Exploit Exists🟣 EPSS 78%🦅 CISA Reported

What is CVE-2013-3896?

Microsoft Silverlight 5 prior to version 5.1.20913.0 contains a pointer validation flaw that could be exploited by remote attackers through specially crafted Silverlight applications. This allows attackers to access sensitive information, posing a significant risk to users who rely on Silverlight for web-based applications.

CISA has reported CVE-2013-3896

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2013-3896 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: The impacted product is end-of-life and should be disconnected if still in use.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.us-cert.gov/ncas/alerts/TA13-288A
third-party-advisoryx_refsource_CERT

EPSS Score

78% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.