KLA11833
Multiple vulnerabilities in Microsoft Developer Tools
Обновлено: 22/07/2020
Дата обнаружения
14/03/2017
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An information disclosure vulnerability in Microsoft XML Core Services can be exploited remotely to obtain sensitive information.
Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/41647

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Microsoft XML Core Services 3.0
Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2017-0108
CVE-2017-0022
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Silverlight
Microsoft XML Core Services
CVE-IDS
CVE-2017-00220.0Unknown
CVE-2017-01080.0Unknown
KB list

4012217
4012215
4012216
4012606
4013198
4013429
4012212
4012214
4012213
4013867
3216916

Microsoft official advisories
Microsoft Security Update Guide