This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2010-08-11
Product Silverlight Last view 2015-05-13
Version 2.0.31005.00 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:silverlight

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2015-05-13 CVE-2015-1715

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."

9.3 2015-05-13 CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

9.3 2013-03-12 CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

7.8 2011-05-03 CVE-2011-1845

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.

7.8 2011-05-03 CVE-2011-1844

Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.

9.3 2010-08-11 CVE-2010-0019

Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-399 Resource Management Errors
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
20% (1) CWE-19 Data Handling

Open Source Vulnerability Database (OSVDB)

id Description
75271 Microsoft SilverLight DataGrid Memory Leak Multiple Element Remote DoS
75269 Microsoft Silverlight DependencyProperty Property Handling Remote DoS
66992 Microsoft Silverlight Pointer Handling Unspecified Memory Corruption

ExploitDB Exploits

id Description
29858 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

OpenVAS Exploits

id Description
2011-05-16 Name : Microsoft Silverlight Multiple Memory Leak Vulnerabilities
File : nvt/gb_ms_silverlight_multiple_memory_leak_vuln.nasl
2010-08-11 Name : Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2...
File : nvt/secpod_ms10-060.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0064 Microsoft Silverlight Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0037405

Snort® IPS/IDS

Date Description
2016-03-22 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-01-30 Angler exploit kit XORed payload download attempt
RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5
2014-01-10 Angler exploit kit payload download attempt
RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4
2014-01-10 Angler exploit kit exploit download attempt
RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Angler exploit kit landing page
RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Angler exploit kit landing page - specific-structure
RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Multiple exploit kit Silverlight exploit download
RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28582 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28581 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28580 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28579 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft SilverLight ImageSource remote code execution attempt
RuleID : 17114 - Type : OS-WINDOWS - Revision : 15

Nessus® Vulnerability Scanner

id Description
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A browser enhancement on the remote Windows host could allow arbitrary code e...
File: smb_nt_ms13-022.nasl - Type: ACT_GATHER_INFO
2011-05-06 Name: The remote host contains a browser plug-in that is affected by multiple memor...
File: smb_kb2526954.nasl - Type: ACT_GATHER_INFO
2010-08-11 Name: The Microsoft .NET Common Language Runtime and/or Microsoft Silverlight have ...
File: smb_nt_ms10-060.nasl - Type: ACT_GATHER_INFO