This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2013-03-12
Product Silverlight Last view 2017-06-14
Version 5.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software windows  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:silverlight

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2017-06-14 CVE-2017-0283

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.

9.3 2015-05-13 CVE-2015-1715

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."

9.3 2015-05-13 CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

9.3 2013-03-12 CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-19 Data Handling

ExploitDB Exploits

id Description
29858 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0064 Microsoft Silverlight Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0037405

Snort® IPS/IDS

Date Description
2016-03-22 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-01-30 Angler exploit kit XORed payload download attempt
RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5
2014-01-10 Angler exploit kit payload download attempt
RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4
2014-01-10 Angler exploit kit exploit download attempt
RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Angler exploit kit landing page
RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Angler exploit kit landing page - specific-structure
RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Multiple exploit kit Silverlight exploit download
RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28582 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28581 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28580 - Type : BROWSER-PLUGINS - Revision : 6
2014-01-10 Microsoft Silverlight ScriptObject untrusted pointer dereference attempt
RuleID : 28579 - Type : BROWSER-PLUGINS - Revision : 6

Nessus® Vulnerability Scanner

id Description
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_win2008.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022714.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022715.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022719.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022724.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022725.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022726.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_4022727.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: A web application framework running on the remote host is affected by multipl...
File: smb_nt_ms17_jun_4023307.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: An application installed on the remote Windows host is affected by a remote c...
File: smb_nt_ms17_jun_skype.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Windows host is af...
File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms13-022.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: A browser enhancement on the remote Windows host could allow arbitrary code e...
File: smb_nt_ms13-022.nasl - Type: ACT_GATHER_INFO