Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310902955
HistoryMar 13, 2013 - 12:00 a.m.

Microsoft Silverlight Remote Code Execution Vulnerability (2814124) - Mac OS X

2013-03-1300:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
55

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.938 High

EPSS

Percentile

99.1%

JSON

This host is missing a critical security update according to
Microsoft Bulletin MS13-022.

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902955");
  script_version("2024-07-01T05:05:39+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2013-0074");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-07-01 05:05:39 +0000 (Mon, 01 Jul 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-06-28 17:26:06 +0000 (Fri, 28 Jun 2024)");
  script_tag(name:"creation_date", value:"2013-03-13 12:40:20 +0530 (Wed, 13 Mar 2013)");
  script_name("Microsoft Silverlight Remote Code Execution Vulnerability (2814124) - Mac OS X");
  script_xref(name:"URL", value:"http://support.microsoft.com/kb/2814124");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/58327");
  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022");

  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gb_ms_silverlight_detect_macosx.nasl");
  script_mandatory_keys("MS/Silverlight/MacOSX/Ver");

  script_tag(name:"impact", value:"Successful exploitation could allow an attacker to execute arbitrary code.");

  script_tag(name:"affected", value:"Microsoft Silverlight version 5 on Mac OS X.");

  script_tag(name:"insight", value:"The flaw is due to a double-free error when rendering a HTML object, which
  can be exploited via a specially crafted Silverlight application.");

  script_tag(name:"solution", value:"The vendor has released an update. Please see the references for more information.");

  script_tag(name:"summary", value:"This host is missing a critical security update according to
  Microsoft Bulletin MS13-022.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

slightVer = get_kb_item("MS/Silverlight/MacOSX/Ver");

if(!slightVer || slightVer !~ "^5\."){
  exit(0);
}

if(version_in_range(version:slightVer, test_version:"5.0", test_version2:"5.1.20124.0")){
   security_message( port: 0, data: "The target host was found to be vulnerable" );
}

Related

threatpost 4
cisa_kev 1
nvd 1
zdt 3
openvas 3
securityvulns 3
nessus 2
attackerkb 1
prion 1
cvelist 1
cve 1
symantec 1
seebug 1
metasploit 1
thn 1
packetstorm 1
checkpoint_advisories 1
exploitdb 2
avleonov 1
qualysblog 1
threatpost
threatpost
Blackhole and Cool Exploit Kits Nearly Extinct
2013-11-26 11:19:11
Exploit Kit Adds Vector for Silverlight Vulnerability
2013-11-19 15:24:15
Critical IE, Windows Kernel Flaws Patched
2013-03-12 18:28:50
cisa_kev
cisa_kev
Microsoft Silverlight Double Dereference Vulnerability
2022-05-25 00:00:00
nvd
nvd
CVE-2013-0074
2013-03-13 00:55:01
zdt
zdt
MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
2013-11-27 00:00:00
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) Exploit
2017-03-23 00:00:00
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
2013-11-26 00:00:00
openvas
openvas
Microsoft Silverlight Remote Code Execution Vulnerability (2814124)
2013-03-13 00:00:00
Microsoft Silverlight Remote Code Execution Vulnerability-2814124 (Mac OS X)
2013-03-13 00:00:00
Microsoft Silverlight Remote Code Execution Vulnerability (2814124)
2013-03-13 00:00:00
securityvulns
securityvulns
Microsoft Silverlight code execution
2013-03-13 00:00:00
[PSA-2013-1022-1] Microsoft Silverlight Invalid Typecast / Memory Disclosure
2013-11-05 00:00:00
Microsoft Silverlight information leakage
2013-11-05 00:00:00
nessus
nessus
MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) (Mac OS X)
2013-03-12 00:00:00
MS13-022: Vulnerability in Microsoft Silverlight Could Allow Remote Code Execution (2814124)
2013-03-12 00:00:00
attackerkb
attackerkb
CVE-2013-0074
2013-03-13 00:00:00
prion
prion
Double free
2013-03-13 00:55:00
cvelist
cvelist
CVE-2013-0074
2013-03-13 00:00:00
cve
cve
CVE-2013-0074
2013-03-13 00:55:01
symantec
symantec
Microsoft Silverlight Double Deference CVE-2013-0074 Remote Code Execution Vulnerability
2013-03-12 00:00:00
seebug
seebug
MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
2014-07-01 00:00:00
metasploit
metasploit
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
2013-11-22 22:41:56
thn
thn
Netflix Users Targeted by Microsoft Silverlight Exploits
2014-05-21 01:59:00
packetstorm
packetstorm
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
2013-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Silverlight Pointer Dereference Memory Corruption (MS13-022; CVE-2013-0074; CVE-2013-3896)
2013-04-02 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) (Metasploit)
2013-11-27 00:00:00
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)
2013-03-12 00:00:00
avleonov
avleonov
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
2023-09-30 19:31:42
qualysblog
qualysblog
Qualys Top 20 Most Exploited Vulnerabilities
2023-09-04 14:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.938 High

EPSS

Percentile

99.1%

JSON
Related for OPENVAS:1361412562310902955
threatpost4cisa_kev1nvd1zdt3openvas3securityvulns3nessus2attackerkb1prion1cvelist1cve1symantec1seebug1metasploit1thn1packetstorm1checkpoint_advisories1exploitdb2avleonov1qualysblog1