KLA11833
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 07/22/2020
Detect date
?
03/14/2017
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An information disclosure vulnerability in Microsoft XML Core Services can be exploited remotely to obtain sensitive information.
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/41647

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Microsoft XML Core Services 3.0
Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-0108
CVE-2017-0022

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Silverlight
Microsoft XML Core Services
CVE-IDS
?
CVE-2017-00220.0Unknown
CVE-2017-01080.0Unknown
KB list

4012217
4012215
4012216
4012606
4013198
4013429
4012212
4012214
4012213
4013867
3216916

Microsoft official advisories
Microsoft Security Update Guide