RCE in Microsoft Silverlight

CVE-2013-3178

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Nul…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.590 (98.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Silverlight — versions 5.0.60401.0, 5.0.60818.0, 5.0.61118.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS13-052 (x_refsource_MS, vendor-advisory)
1028755 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:16892 (x_refsource_OVAL, signature, vdb-entry)
oval:org.mitre.oval:def:17389 (x_refsource_OVAL, signature, vdb-entry)
TA13-190A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)