Kaspersky LabKLA10544KLA10544 Code execution vulnerabilities in Microsoft Silverlight
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%
Detect date:
05/08/2012
Severity:
Critical
Description:
An unspecified vulnerabilities were found in Microsoft Silverlight. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed font data.
Affected products:
Microsoft Silverlight 4 earlier than 4.1.10329
Microsoft Silverlight 5 earlier than 5.1.10411
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS12-034
CVE-2011-3402
CVE-2012-0159
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2011-34029.3Critical
CVE-2012-01599.3Critical
Microsoft official advisories:
KB list:
Exploitation:
This vulnerability can be exploited by the following malware:
References
support.microsoft.com/kb/2636927
support.microsoft.com/kb/2690729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0159
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2011-3402
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2012-0159
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/library/security/ms12-034
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/threat/Exploit.Win32.CVE-2011-3402/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%