This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2013-03-12
Product Silverlight Last view 2017-06-14
Version 5.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:silverlight

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2017-06-14 CVE-2017-8527

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".

7.8 2017-03-16 CVE-2017-0108

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

5.5 2016-10-13 CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."

8.8 2016-09-14 CVE-2016-3367

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

8.8 2016-01-13 CVE-2016-0034

Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."

9.3 2015-12-09 CVE-2015-6166

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability."

4.3 2015-12-09 CVE-2015-6165

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114.

4.3 2015-12-09 CVE-2015-6114

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165.

9.3 2015-12-09 CVE-2015-6108

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

9.3 2015-05-13 CVE-2015-1715

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."

9.3 2015-05-13 CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

9.3 2013-03-12 CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

CWE : Common Weakness Enumeration

%idName
45% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
27% (3) CWE-200 Information Exposure
9% (1) CWE-264 Permissions, Privileges, and Access Controls
9% (1) CWE-20 Improper Input Validation
9% (1) CWE-19 Data Handling

ExploitDB Exploits

id Description
29858 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0064 Microsoft Silverlight Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0037405

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-08-16 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 47172 - Type : BROWSER-PLUGINS - Revision : 1
2018-08-16 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 47171 - Type : BROWSER-PLUGINS - Revision : 1
2017-04-12 Microsoft Windows Uniscribe privilege escalation attempt
RuleID : 41933 - Type : FILE-OTHER - Revision : 2
2017-04-12 Microsoft Windows Uniscribe privilege escalation attempt
RuleID : 41932 - Type : FILE-OTHER - Revision : 2
2016-12-20 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 40814 - Type : BROWSER-PLUGINS - Revision : 2
2016-12-20 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 40813 - Type : BROWSER-PLUGINS - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40409 - Type : FILE-OTHER - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40408 - Type : FILE-OTHER - Revision : 2
2016-03-22 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 2
2016-03-14 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 37268 - Type : BROWSER-PLUGINS - Revision : 2
2016-03-14 Microsoft Silverlight GetChar out of bounds read attempt
RuleID : 37267 - Type : BROWSER-PLUGINS - Revision : 2
2016-03-14 Microsoft .NET Silverlight manifest resource file information disclosure attempt
RuleID : 36998 - Type : OS-WINDOWS - Revision : 2
2016-03-14 Microsoft .NET Silverlight manifest resource file information disclosure attempt
RuleID : 36997 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-01-30 Angler exploit kit XORed payload download attempt
RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5
2014-01-10 Angler exploit kit payload download attempt
RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4
2014-01-10 Angler exploit kit exploit download attempt
RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Angler exploit kit landing page
RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Angler exploit kit landing page - specific-structure
RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Multiple exploit kit Silverlight exploit download
RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_win2008.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: A web application framework running on the remote host is affected by multipl...
File: smb_nt_ms17_jun_4023307.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022727.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022726.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022725.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022724.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022719.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022715.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022714.nasl - Type: ACT_GATHER_INFO
2017-03-17 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17-013.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: A multimedia application framework installed on the remote macOS or Mac OS X ...
File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-09-13 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms16-109.nasl - Type: ACT_GATHER_INFO
2016-09-13 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms16-109.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms16-006.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms16-006.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms15-129.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-128.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-129.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-128.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO