(MS13-087) Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
Severity: HIGH
CVE Identifier: CVE-2013-3896
Advisory Date: OCT 09, 2013
DESCRIPTION
This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that is designed to exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.�
Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Microsoft Silverlight 5 when installed on Mac
- Microsoft Silverlight 5 Developer Runtime when installed on Mac
- Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows clients
- Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows clients
- Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows servers
- Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows servers
Featured Stories
Update on Exposed MCP Servers: The Threat Widens to the CloudExposed Model Context Protocol (MCP) servers have become powerful vectors for cloud attacks, enabling threat actors to not only access sensitive data but also take control of the cloud services themselves.Read more
Old Vulnerabilities, New AI Era, Amplified Risk: How Outdated Flaws Continue to Fuel the N-Day Exploit MarketEven as AI adoption accelerates, old exploits remain overlooked weaknesses. Underground trends show a renewed demand for exploits, with cybercriminals relying on aging but still effective vulnerabilities. We examine this blind spot and why long-standing issues need to be addressed.Read more
Beware of MCP Hardcoded Credentials: A Perfect Target for Threat ActorsPoor secret management in MCP servers can lead to serious consequences, including data breaches and supply chain attacks. This article examines the reality of these unsecure configurations and offers practical recommendations that minimize the chances of exposure.Read more
Lessons in Resilience from the Race to Patch SharePoint VulnerabilitiesIn this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.Read more