CVE-2013-0074

HIGH KEV RANSOMWARE

Microsoft Silverlight <5.1.20125.0 - RCE

Title source: llm

Description

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/29858
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/41702
metasploit WORKING POC NORMAL
by James Forshaw, Vitaliy Toropov, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb

References (5)

Scores

CVSS v3 7.8
EPSS 0.9305
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-25
VulnCheck KEV 2014-06-06
InTheWild.io 2013-11-15
ENISA EUVD EUVD-2013-0117
Ransomware Use Confirmed
Status published
Products (1)
microsoft/silverlight 5.0 - 5.1.20125.0
Published Mar 13, 2013
KEV Added May 25, 2022
Tracked Since Feb 18, 2026