Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2013-03-12 |
| Product | Silverlight | Last view | 2017-06-14 |
| Version | 5.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:silverlight | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2017-06-14 | CVE-2017-8527 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". |
| 7.8 | 2017-03-16 | CVE-2017-0108 | The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014. |
| 5.5 | 2016-10-13 | CVE-2016-3209 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." |
| 8.8 | 2016-09-14 | CVE-2016-3367 | StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." |
| 8.8 | 2016-01-13 | CVE-2016-0034 | Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." |
| 9.3 | 2015-12-09 | CVE-2015-6166 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability." |
| 4.3 | 2015-12-09 | CVE-2015-6165 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. |
| 4.3 | 2015-12-09 | CVE-2015-6114 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. |
| 9.3 | 2015-12-09 | CVE-2015-6108 | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." |
| 9.3 | 2015-05-13 | CVE-2015-1715 | Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." |
| 9.3 | 2015-05-13 | CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." |
| 9.3 | 2013-03-12 | CVE-2013-0074 | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 45% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 27% (3) | CWE-200 | Information Exposure |
| 9% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 9% (1) | CWE-20 | Improper Input Validation |
| 9% (1) | CWE-19 | Data Handling |
ExploitDB Exploits
| id | Description |
|---|---|
| 29858 | MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0064 | Microsoft Silverlight Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0037405 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-08-16 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 47172 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2018-08-16 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 47171 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2017-04-12 | Microsoft Windows Uniscribe privilege escalation attempt RuleID : 41933 - Type : FILE-OTHER - Revision : 2 |
| 2017-04-12 | Microsoft Windows Uniscribe privilege escalation attempt RuleID : 41932 - Type : FILE-OTHER - Revision : 2 |
| 2016-12-20 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 40814 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-12-20 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 40813 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40409 - Type : FILE-OTHER - Revision : 2 |
| 2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40408 - Type : FILE-OTHER - Revision : 2 |
| 2016-03-22 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-03-14 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 37268 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-03-14 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 37267 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-03-14 | Microsoft .NET Silverlight manifest resource file information disclosure attempt RuleID : 36998 - Type : OS-WINDOWS - Revision : 2 |
| 2016-03-14 | Microsoft .NET Silverlight manifest resource file information disclosure attempt RuleID : 36997 - Type : OS-WINDOWS - Revision : 2 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34441 - Type : OS-WINDOWS - Revision : 2 |
| 2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34440 - Type : OS-WINDOWS - Revision : 2 |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4 |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-30 | Angler exploit kit XORed payload download attempt RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5 |
| 2014-01-10 | Angler exploit kit payload download attempt RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4 |
| 2014-01-10 | Angler exploit kit exploit download attempt RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-01-10 | Angler exploit kit landing page RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-10 | Angler exploit kit landing page - specific-structure RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-10 | Multiple exploit kit Silverlight exploit download RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6 |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_win2008.nasl - Type: ACT_GATHER_INFO |
| 2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: A web application framework running on the remote host is affected by multipl... File: smb_nt_ms17_jun_4023307.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022727.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022726.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022725.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022724.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022719.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022715.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022714.nasl - Type: ACT_GATHER_INFO |
| 2017-03-17 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-013.nasl - Type: ACT_GATHER_INFO |
| 2016-10-12 | Name: A multimedia application framework installed on the remote macOS or Mac OS X ... File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO |
| 2016-10-12 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO |
| 2016-09-13 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms16-109.nasl - Type: ACT_GATHER_INFO |
| 2016-09-13 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms16-109.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms16-006.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms16-006.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms15-129.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote host is affected by multiple remote code execution vulnerabilities. File: smb_nt_ms15-128.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-129.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-128.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO |
| 2013-03-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO |
