Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2011-05-03 |
| Product | Silverlight | Last view | 2015-05-13 |
| Version | 4.0.60129.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:silverlight | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2015-05-13 | CVE-2015-1715 | Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." |
| 9.3 | 2015-05-13 | CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." |
| 9.3 | 2013-03-12 | CVE-2013-0074 | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." |
| 9.3 | 2012-05-08 | CVE-2012-0176 | Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." |
| 9.3 | 2012-05-08 | CVE-2012-0159 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
| 9.3 | 2012-02-14 | CVE-2012-0014 | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." |
| 7.8 | 2011-05-03 | CVE-2011-1845 | Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element. |
| 7.8 | 2011-05-03 | CVE-2011-1844 | Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 57% (4) | CWE-399 | Resource Management Errors |
| 14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 14% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 14% (1) | CWE-19 | Data Handling |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75271 | Microsoft SilverLight DataGrid Memory Leak Multiple Element Remote DoS |
| 75269 | Microsoft Silverlight DependencyProperty Property Handling Remote DoS |
ExploitDB Exploits
| id | Description |
|---|---|
| 29858 | MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
| 2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
| 2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
| 2012-02-15 | Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln... File : nvt/secpod_ms12-016.nasl |
| 2011-05-16 | Name : Microsoft Silverlight Multiple Memory Leak Vulnerabilities File : nvt/gb_ms_silverlight_multiple_memory_leak_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0064 | Microsoft Silverlight Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0037405 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-03-22 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34441 - Type : OS-WINDOWS - Revision : 2 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34440 - Type : OS-WINDOWS - Revision : 2 |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 5 |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-30 | Angler exploit kit XORed payload download attempt RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5 |
| 2014-01-10 | Angler exploit kit payload download attempt RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4 |
| 2014-01-10 | Angler exploit kit exploit download attempt RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-01-10 | Angler exploit kit landing page RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-10 | Angler exploit kit landing page - specific-structure RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-10 | Multiple exploit kit Silverlight exploit download RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 4 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28582 - Type : BROWSER-PLUGINS - Revision : 6 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28581 - Type : BROWSER-PLUGINS - Revision : 7 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28580 - Type : BROWSER-PLUGINS - Revision : 7 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28579 - Type : BROWSER-PLUGINS - Revision : 7 |
| 2014-01-10 | Microsoft Windows True Type Font maxComponentPoints overflow attempt RuleID : 27576 - Type : FILE-OTHER - Revision : 5 |
| 2014-01-10 | Microsoft Windows True Type Font maxComponentPoints overflow attempt RuleID : 22087 - Type : FILE-OTHER - Revision : 9 |
| 2014-01-10 | Microsoft Silverlight privilege escalation attempt RuleID : 21299 - Type : BROWSER-PLUGINS - Revision : 11 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-05-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO |
| 2013-03-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO |
| 2013-03-12 | Name: A browser enhancement on the remote Windows host could allow arbitrary code e... File: smb_nt_ms13-022.nasl - Type: ACT_GATHER_INFO |
| 2012-06-13 | Name: Arbitrary code can be executed on the remote host through Microsoft Lync. File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO |
| 2012-05-09 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO |
| 2012-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO |
| 2012-02-22 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms12-016.nasl - Type: ACT_GATHER_INFO |
| 2012-02-14 | Name: The .NET Framework install on the remote Windows host could allow arbitrary c... File: smb_nt_ms12-016.nasl - Type: ACT_GATHER_INFO |
| 2011-05-06 | Name: The remote host contains a browser plug-in that is affected by multiple memor... File: smb_kb2526954.nasl - Type: ACT_GATHER_INFO |
