1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: MS Silverlight CVE-2013-0074 6

Web Attack: MS Silverlight CVE-2013-0074 6

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a Double Dereference vulnerability in Microsoft Silverlight which may result in remote code execution.

Additional Information

Microsoft Silverlight is a web application framework that provides support for .NET applications. Its security model limits the privileges granted to .NET applications.

Silverlight is prone to a remote code-execution vulnerability due to a double dereference error. This may allow an attacker to access the memory in an unsafe manner using a specially crafted application. An attacker can exploit this issue to install programs, view, change, or delete data, or create new accounts with full user rights.

Successful exploit may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition.

Affected

  • Microsoft Silverlight
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube