===================================================================== CERT-Renater Note d'Information No. 2013/VULN450 _____________________________________________________________________ DATE : 09/10/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Microsoft Silverlight version 5. ====================================================================== KB2890788 https://technet.microsoft.com/en-us/security/bulletin/ms13-087 ______________________________________________________________________ Microsoft Security Bulletin MS13-087 - Important Vulnerability in Silverlight Could Allow Information Disclosure (2890788) Published: Tuesday, October 08, 2013 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that is designed to exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. This security update is rated Important for Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported releases of Microsoft Windows. Affected Software Microsoft Silverlight 5 Microsoft Silverlight 5 Developer Runtime Vulnerability Information Silverlight Vulnerability - CVE-2013-3896 An information disclosure vulnerability exists in how Silverlight handles certain objects in memory. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================