Microsoft Silverlight vulnerability could allow remote code execution
Report ID: MS201303002
Date Published: 13 March 2013
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime
Summary
A vulnerability in Microsoft Silverlight could, upon successful exploitation, allow an attacker to execute arbitrary code on a system in the context of the logged-on user.
Detailed Description
Microsoft has issued a security update to address a vulnerability in Microsoft Silverlight. The vulnerability was caused by incorrect checking of a memory pointer when rendering a HTML object. An attacker could exploit this situation to execute arbitrary code and take control of an affected system.
This issue has been resolved by correcting the way that Silverlight checks memory pointers when rendering HTML objects. Users are recommended to install the update to protect their system from possible exploit attempts.
CVE Reference
CVE-2013-0074
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-022)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
