KLA10737
Code execution vulnerability in Microsoft Silverlight
Обновлено: 17/06/2019
Дата обнаружения
12/01/2016
Уровень угрозы
High
Описание

Improper strings handling was found in Microsoft Silverlight. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed web content.


Technical details

This vulnerability can be triggered while Silverlight decodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker.

Пораженные продукты

Microsoft Silverlight 5

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0034
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft Silverlight
CVE-IDS
CVE-2016-00349.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3126036