MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) (Mac OS X)

High Nessus Plugin ID 65216

VPR Score: 9.4

Synopsis

A multimedia application framework installed on the remote Mac OS X host is affected by a remote code execution vulnerability.

Description

The version of Microsoft Silverlight installed on the remote host reportedly checks a memory pointer incorrectly when rendering an HTML object, which could allow a specially crafted application to access memory in an unsafe fashion.

If an attacker could trick a user on the affected system into visiting a website hosting a malicious Silverlight application, the attacker could leverage this vulnerability to execute arbitrary code on the affected system, subject to the user's privileges.

Solution

Microsoft has released a patch for Silverlight 5.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms13-022

Plugin Details

Severity: High

ID: 65216

File Name: macosx_ms13-022.nasl

Version: 1.17

Type: local

Agent: macosx

Published: 2013/03/12

Updated: 2018/07/14

Dependencies: 58091

Risk Information

Risk Factor: High

VPR Score: 9.4

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:silverlight

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Silverlight/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/03/12

Vulnerability Publication Date: 2013/03/12

Exploitable With

Core Impact

Metasploit (MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access)

Reference Information

CVE: CVE-2013-0074

BID: 58327

MSFT: MS13-022

MSKB: 2814124