Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Silverlight vulnerability could allow remote code execution


Report ID: MS201303002
Date Published: 13 March 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime




Summary

A vulnerability in Microsoft Silverlight could, upon successful exploitation, allow an attacker to execute arbitrary code on a system in the context of the logged-on user. 



Detailed Description

Microsoft has issued a security update to address a vulnerability in Microsoft Silverlight. The vulnerability was caused by incorrect checking of a memory pointer when rendering a HTML object. An attacker could exploit this situation to execute arbitrary code and take control of an affected system. 

This issue has been resolved by correcting the way that Silverlight checks memory pointers when rendering HTML objects. Users are recommended to install the update to protect their system from possible exploit attempts.



CVE Reference

CVE-2013-0074



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-022)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.