Дата обнаружения
|
12/01/2016 |
Уровень угрозы
|
High |
Описание
|
Improper strings handling was found in Microsoft Silverlight. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed web content. Technical details This vulnerability can be triggered while Silverlight decodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker. |
Пораженные продукты
|
Microsoft Silverlight 5 |
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Первичный источник обнаружения
|
CVE-2016-0034 |
Оказываемое влияние
?
|
ACE
[?]
|
Связанные продукты
|
Microsoft Silverlight |