CVE-2013-3178

2013-07-1003:46:00

CWE-94

[email protected]

web.nvd.nist.gov

107

microsoft

silverlight

cve-2013-3178

security

vulnerability

remote attackers

arbitrary code

denial of service

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.938 High

EPSS

Percentile

99.1%

JSON

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka “Null Pointer Vulnerability.”

CPENameOperatorVersion
microsoft:silverlightmicrosoft silverlighteq5.0.60818.0
microsoft:silverlightmicrosoft silverlighteq5.1.10411.0
microsoft:silverlightmicrosoft silverlighteq5.0.61118.0
microsoft:silverlightmicrosoft silverlighteq5.1.20125.0
microsoft:silverlightmicrosoft silverlighteq5.0.60401.0

CPE	Name	Operator	Version
microsoft:silverlight	microsoft silverlight	eq	5.0.60818.0
microsoft:silverlight	microsoft silverlight	eq	5.1.10411.0
microsoft:silverlight	microsoft silverlight	eq	5.0.61118.0
microsoft:silverlight	microsoft silverlight	eq	5.1.20125.0
microsoft:silverlight	microsoft silverlight	eq	5.0.60401.0