Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2010-08-11 |
Product | Silverlight | Last view | 2017-06-14 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2017-06-14 | CVE-2017-8527 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". |
8.8 | 2017-06-14 | CVE-2017-0283 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528. |
7.8 | 2017-03-16 | CVE-2017-0108 | The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014. |
5.5 | 2016-10-13 | CVE-2016-3209 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." |
8.8 | 2016-09-14 | CVE-2016-3367 | StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." |
8.8 | 2016-01-13 | CVE-2016-0034 | Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." |
9.3 | 2015-12-09 | CVE-2015-6166 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability." |
4.3 | 2015-12-09 | CVE-2015-6165 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. |
4.3 | 2015-12-09 | CVE-2015-6114 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. |
9.3 | 2015-12-09 | CVE-2015-6108 | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." |
9.3 | 2015-05-13 | CVE-2015-1715 | Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." |
9.3 | 2015-05-13 | CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." |
7.1 | 2014-03-12 | CVE-2014-0319 | Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability." |
4.3 | 2013-10-09 | CVE-2013-3896 | Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability." |
9.3 | 2013-07-09 | CVE-2013-3178 | Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability." |
9.3 | 2013-07-09 | CVE-2013-3131 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability." |
9.3 | 2013-07-09 | CVE-2013-3129 | Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
9.3 | 2013-03-12 | CVE-2013-0074 | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." |
9.3 | 2012-05-08 | CVE-2012-0176 | Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." |
9.3 | 2012-05-08 | CVE-2012-0159 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
9.3 | 2012-02-14 | CVE-2012-0014 | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." |
7.8 | 2011-05-03 | CVE-2011-1845 | Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element. |
7.8 | 2011-05-03 | CVE-2011-1844 | Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection. |
9.3 | 2010-08-11 | CVE-2010-0019 | Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
22% (5) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
18% (4) | CWE-399 | Resource Management Errors |
13% (3) | CWE-200 | Information Exposure |
9% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
9% (2) | CWE-20 | Improper Input Validation |
4% (1) | CWE-19 | Data Handling |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:13972 | .NET Framework Unmanaged Objects Vulnerability |
oval:org.mitre.oval:def:15667 | TrueType Font Parsing Vulnerability (CVE-2012-0159) |
oval:org.mitre.oval:def:15388 | TrueType Font Parsing Vulnerability (CVE-2012-0159) |
oval:org.mitre.oval:def:15574 | Silverlight Double-Free Vulnerability |
oval:org.mitre.oval:def:16565 | Double dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X) |
oval:org.mitre.oval:def:16516 | Double dereference vulnerability in Microsoft Silverlight - MS13-022 |
oval:org.mitre.oval:def:17341 | TrueType Font Parsing Vulnerability - CVE-2013-3129 (MS13-052, MS13-053, MS13... |
oval:org.mitre.oval:def:17323 | TrueType font parsing vulnerability in Microsoft Silverlight - CVE-2013-3129,... |
oval:org.mitre.oval:def:17261 | Array access violation vulnerability in Microsoft .NET Framework and Silverli... |
oval:org.mitre.oval:def:17032 | Array access violation vulnerability in Microsoft Silverlight CVE-2013-3131, ... |
oval:org.mitre.oval:def:17389 | Null pointer vulnerability in Microsoft Silverlight - MS13-052 |
oval:org.mitre.oval:def:16892 | Null pointer vulnerability in Microsoft Silverlight - CVE-2013-3178, MS13-052... |
oval:org.mitre.oval:def:19055 | Vulnerability in Silverlight Could Allow Information Disclosure (CVE-2013-389... |
oval:org.mitre.oval:def:19003 | Vulnerability in Silverlight Could Allow Information Disclosure (CVE-2013-389... |
oval:org.mitre.oval:def:22446 | Vulnerability in Silverlight could allow security feature bypass (CVE-2014-03... |
oval:org.mitre.oval:def:22084 | Vulnerability in Silverlight could allow security feature bypass (CVE-2014-03... |
oval:org.mitre.oval:def:28875 | TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044) (Mac OS X) |
oval:org.mitre.oval:def:28207 | TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044) |
oval:org.mitre.oval:def:28985 | Microsoft Silverlight out of browser application vulnerability - CVE-2015-171... |
oval:org.mitre.oval:def:28655 | Microsoft Silverlight out of browser application vulnerability - CVE-2015-171... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75271 | Microsoft SilverLight DataGrid Memory Leak Multiple Element Remote DoS |
75269 | Microsoft Silverlight DependencyProperty Property Handling Remote DoS |
66992 | Microsoft Silverlight Pointer Handling Unspecified Memory Corruption |
ExploitDB Exploits
id | Description |
---|---|
29858 | MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access |
OpenVAS Exploits
id | Description |
---|---|
2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
2012-02-15 | Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln... File : nvt/secpod_ms12-016.nasl |
2011-05-16 | Name : Microsoft Silverlight Multiple Memory Leak Vulnerabilities File : nvt/gb_ms_silverlight_multiple_memory_leak_vuln.nasl |
2010-08-11 | Name : Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2... File : nvt/secpod_ms10-060.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-A-0039 | Microsoft Silverlight Security Bypass Vulnerability Severity: Category II - VMSKEY: V0046177 |
2013-B-0117 | Microsoft Silverlight Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0040764 |
2013-A-0135 | Microsoft GDI+ Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0039199 |
2013-B-0071 | Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight Severity: Category II - VMSKEY: V0039211 |
2013-A-0064 | Microsoft Silverlight Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0037405 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-08-16 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 47172 - Type : BROWSER-PLUGINS - Revision : 1 |
2018-08-16 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 47171 - Type : BROWSER-PLUGINS - Revision : 1 |
2017-04-12 | Microsoft Windows Uniscribe privilege escalation attempt RuleID : 41933 - Type : FILE-OTHER - Revision : 2 |
2017-04-12 | Microsoft Windows Uniscribe privilege escalation attempt RuleID : 41932 - Type : FILE-OTHER - Revision : 2 |
2016-12-20 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 40814 - Type : BROWSER-PLUGINS - Revision : 3 |
2016-12-20 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 40813 - Type : BROWSER-PLUGINS - Revision : 3 |
2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40409 - Type : FILE-OTHER - Revision : 2 |
2016-11-08 | Microsoft Windows malformed TrueType file RCVT out of bounds read attempt RuleID : 40408 - Type : FILE-OTHER - Revision : 2 |
2016-03-22 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 37801 - Type : BROWSER-PLUGINS - Revision : 3 |
2016-03-14 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 37268 - Type : BROWSER-PLUGINS - Revision : 3 |
2016-03-14 | Microsoft Silverlight GetChar out of bounds read attempt RuleID : 37267 - Type : BROWSER-PLUGINS - Revision : 3 |
2016-03-14 | Microsoft .NET Silverlight manifest resource file information disclosure attempt RuleID : 36998 - Type : OS-WINDOWS - Revision : 3 |
2016-03-14 | Microsoft .NET Silverlight manifest resource file information disclosure attempt RuleID : 36997 - Type : OS-WINDOWS - Revision : 2 |
2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34441 - Type : OS-WINDOWS - Revision : 2 |
2015-06-17 | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt RuleID : 34440 - Type : OS-WINDOWS - Revision : 2 |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 5 |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3 |
2014-01-30 | Angler exploit kit XORed payload download attempt RuleID : 29066 - Type : EXPLOIT-KIT - Revision : 5 |
2014-01-10 | Angler exploit kit payload download attempt RuleID : 28616 - Type : EXPLOIT-KIT - Revision : 4 |
2014-01-10 | Angler exploit kit exploit download attempt RuleID : 28615 - Type : EXPLOIT-KIT - Revision : 6 |
2014-01-10 | Angler exploit kit landing page RuleID : 28614 - Type : EXPLOIT-KIT - Revision : 3 |
2014-01-10 | Angler exploit kit landing page - specific-structure RuleID : 28613 - Type : EXPLOIT-KIT - Revision : 3 |
2014-01-10 | Multiple exploit kit Silverlight exploit download RuleID : 28612 - Type : EXPLOIT-KIT - Revision : 4 |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28584 - Type : BROWSER-PLUGINS - Revision : 6 |
2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28583 - Type : BROWSER-PLUGINS - Revision : 6 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-06-14 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_win2008.nasl - Type: ACT_GATHER_INFO |
2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022715.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022714.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022719.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022724.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022725.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022726.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jun_4022727.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: A web application framework running on the remote host is affected by multipl... File: smb_nt_ms17_jun_4023307.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: An application installed on the remote Windows host is affected by a remote c... File: smb_nt_ms17_jun_skype.nasl - Type: ACT_GATHER_INFO |
2017-03-17 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-013.nasl - Type: ACT_GATHER_INFO |
2016-10-12 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO |
2016-10-12 | Name: A multimedia application framework installed on the remote macOS or Mac OS X ... File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO |
2016-09-13 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms16-109.nasl - Type: ACT_GATHER_INFO |
2016-09-13 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms16-109.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms16-006.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms16-006.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-129.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms15-129.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote host is affected by multiple remote code execution vulnerabilities. File: smb_nt_ms15-128.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-128.nasl - Type: ACT_GATHER_INFO |
2015-05-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO |
2015-05-12 | Name: A multimedia application framework installed on the remote Windows host is af... File: smb_nt_ms15-049.nasl - Type: ACT_GATHER_INFO |
2015-05-12 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO |