Lucene search

K
kasperskyKaspersky LabKLA10544
HistoryMay 08, 2012 - 12:00 a.m.

KLA10544 Code execution vulnerabilities in Microsoft Silverlight

2012-05-0800:00:00
Kaspersky Lab
threats.kaspersky.com
376

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

An unspecified vulnerabilities were found in Microsoft Silverlight. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed font data.

Original advisories

MS12-034

CVE-2011-3402

CVE-2012-0159

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Exploit.Win32.CVE-2011-3402/

Public exploits exist for this vulnerability.

Related products

Microsoft-Silverlight

CVE list

CVE-2011-3402 critical

CVE-2012-0159 critical

KB list

2690729

2636927

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Microsoft Silverlight 4 earlier than 4.1.10329Microsoft Silverlight 5 earlier than 5.1.10411

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%