This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Microsoft
Product : Silverlight
Version : 4.0.51204.0
First view : 2011-05-03
Last view : 2015-05-13
Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:microsoft:silverlight

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2015-05-13 CVE-2015-1715

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."

9.3 2015-05-13 CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

9.3 2013-03-12 CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

9.3 2012-05-08 CVE-2012-0176

Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."

9.3 2012-05-08 CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

9.3 2012-02-14 CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

7.8 2011-05-03 CVE-2011-1845

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.

7.8 2011-05-03 CVE-2011-1844

Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.

CWE : Common Weakness Enumeration

% id Name
57% (4) CWE-399 Resource Management Errors
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
14% (1) CWE-19 Data Handling

Open Source Vulnerability Database (OSVDB)

id Description
75271 Microsoft SilverLight DataGrid Memory Leak Multiple Element Remote DoS
75269 Microsoft Silverlight DependencyProperty Property Handling Remote DoS

ExploitDB Exploits

id Description
29858 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

OpenVAS Exploits

id Description
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2012-02-15 Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln...
File : nvt/secpod_ms12-016.nasl
2011-05-16 Name : Microsoft Silverlight Multiple Memory Leak Vulnerabilities
File : nvt/gb_ms_silverlight_multiple_memory_leak_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0064 Microsoft Silverlight Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0037405

Snort® IPS/IDS

Date Description
2016-03-22 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-01-30 Angler exploit kit XORed payload download attempt
RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5
2014-01-10 Angler exploit kit payload download attempt
RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4
2014-01-10 Angler exploit kit exploit download attempt
RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Angler exploit kit landing page
RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Angler exploit kit landing page - specific-structure
RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Multiple exploit kit Silverlight exploit download
RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28582 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28581 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28580 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28579 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Windows True Type Font maxComponentPoints overflow attempt
RuleID : 27576 - Type : FILE-OTHER - Revision : 5
2014-01-10 Microsoft Windows True Type Font maxComponentPoints overflow attempt
RuleID : 22087 - Type : FILE-OTHER - Revision : 9
2014-01-10 Microsoft Silverlight privilege escalation attempt
RuleID : 21299 - Type : BROWSER-PLUGINS - Revision : 11

Nessus® Vulnerability Scanner

id Description
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A browser enhancement on the remote Windows host could allow arbitrary code e...
File: smb_nt_ms13-022.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: Arbitrary code can be executed on the remote host through Microsoft Lync.
File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-02-22 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms12-016.nasl - Type: ACT_GATHER_INFO
2012-02-14 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms12-016.nasl - Type: ACT_GATHER_INFO
2011-05-06 Name: The remote host contains a browser plug-in that is affected by multiple memor...
File: smb_kb2526954.nasl - Type: ACT_GATHER_INFO