32 matches found
CVE-2015-1671
Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...
CVE-2013-0074
CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...
CVE-2016-0034
Microsoft Silverlight 5 is affected by a remote code execution vulnerability (CVE-2016-0034) due to mishandling of negative offsets during decoding. Versions prior to 5.1.41212.0 are vulnerable; successful exploitation via a crafted web page can lead to arbitrary code execution or DoS. Several co...
CVE-2013-3896
CVE-2013-3896 affects Microsoft Silverlight 5 before 5.1.20913.0, where improper pointer validation during access to Silverlight elements leads to potential information disclosure. Affected component is Silverlight runtime; impact is partial confidentiality loss without integrity or availability ...
CVE-2015-6108
CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...
CVE-2012-0176
CVE-2012-0176 affects Microsoft Silverlight 4 on Windows prior to 4.1.10329, with a double-free vulnerability in memory handling when rendering crafted XAML glyphs that enables remote code execution. This issue is documented under MS12-034, which patches multiple components including Silverlight....
CVE-2012-0159
CVE-2012-0159 is a kernel-level remote code execution vulnerability in Microsoft Windows related to TrueType font parsing. The root cause is a sign extension error in the kernel’s handling of TrueType compound glyphs within win32k.sys, which can be triggered by a crafted TTF file. Affected produc...
CVE-2017-0108
CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...
CVE-2017-0283
CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...
CVE-2017-8527
Technical details for CVE-2017-8527 are not publicly available in the provided documents. No specifics on affected products, vulnerable components, root cause, exploits, or fixes are included here. Monitor for updates from official advisories.
CVE-2013-3178
Microsoft Silverlight vulnerability CVE-2013-3178 exists in Silverlight 5 before 5.1.20513.0, caused by improper initialization of arrays that enables a NULL pointer dereference. This can allow remote code execution or a denial of service when a crafted Silverlight application is opened. The issu...
CVE-2012-0014
CVE-2012-0014 describes a remote code execution flaw in Microsoft .NET Framework components (2.0 SP2, 3.5.1, 4) and Silverlight 4 prior to 4.1.10111, caused by improper restriction of memory access for unmanaged objects. Exploitation vectors include XBAP, crafted ASP.NET, .NET Framework, and Silv...
CVE-2015-2464
CVE-2015-2463 and CVE-2015-2464 describe a TrueType font parsing vulnerability that allows remote code execution. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Office 2007 SP3 and 2010 SP2, L...
CVE-2016-3209
CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...
CVE-2010-1898
CVE-2010-1898 is a remote code execution vulnerability in the Microsoft .NET CLR handling delegates to virtual methods, affecting CLR-based apps and Silverlight. The issue enables arbitrary code execution via three attack scenarios: XBAPs (XAML browser applications), ASP.NET pages, or standalone ...
CVE-2015-2463
CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...
CVE-2015-2435
CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...
CVE-2015-2455
CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...
CVE-2013-3129
CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...
CVE-2015-2456
Summary from Project Zero (2016): Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...
CVE-2011-0664
CVE-2011-0664 affects Microsoft .NET Framework 2.0 SP1/SP2, 3.5 Gold/SP1, 3.5.1, 4.0 and Silverlight 4 before 4.0.60531.0. The issue stems from improper validation of arguments to unspecified networking API functions, enabling remote code execution when processing crafted XBAPs, ASP.NET apps, .NE...
CVE-2010-0019
Summary (CVE-2010-0019): A memory corruption vulnerability in Microsoft Silverlight 3 (Windows) before 3.0.50611.0 and Mac OS X before 3.0.41130.0 arises from improper pointer handling, allowing remote code execution or a denial of service when a user visits a crafted web page. An attacker could ...
CVE-2015-1715
Summary (CVE-2015-1715): Microsoft Silverlight 5 before 5.1.40416.00 is vulnerable to elevation of privilege via a specially crafted Silverlight application (Out of Browser). Initial CVE describes bypassing integrity-level restrictions. Connected documents confirm the vendor patch MS15-049 (KB30...
CVE-2016-3367
Microsoft Silverlight Memory Corruption (CVE-2016-3367) affects Silverlight 5 before 5.1.50709.0. The vulnerability stems from improper memory handling in StringBuilder during string-insert/append, enabling a remote attacker to run arbitrary code via a crafted web site. Impact is remote code exec...
CVE-2013-3131
CVE-2013-3131 concerns a remote code execution vulnerability in Microsoft .NET Framework and Silverlight due to improper handling of multidimensional arrays of small structures. Affected products include .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 prior to 5.1.20513.0. The r...
CVE-2011-1845
Summary: CVE-2011-1845 affects Microsoft Silverlight 4, where multiple memory leaks in the DataGrid control implementation (and related INotifyDataErrorInfo and TextBlock/TextBox usage) can be exploited to cause a denial of service via memory consumption. The issue is triggered by specific UI sce...
CVE-2014-0319
CVE-2014-0319 affects Microsoft Silverlight 5 (before 5.1.30214.0) and Silverlight 5 Developer Runtime (before 5.1.30214.0). The vulnerability is a security feature bypass (DEP/ASLR) due to improper implementation, enabling bypass of DEP and ASLR protections via unspecified vectors. Affected prod...
CVE-2011-1253
Microsoft .NET Framework and Silverlight remote code execution vulnerability (CVE-2011-1253) arises from improper restriction of class inheritance. Affected: .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4, and Silverlight 4 prior to 4.0.60831. Impact: remote attackers can execute arbitrary co...
CVE-2015-6165
CVE-2015-6165 affects Microsoft Silverlight 5 before 5.1.41105.00. A crafted website can bypass ASLR to disclose information. Remediation details are not provided in the supplied documents.
CVE-2015-6114
CVE-2015-6114 affects Microsoft Silverlight 5 prior to 5.1.41105.00. The vulnerability allows remote attackers to bypass ASLR via a crafted web site, resulting in information disclosure. Connected advisories corroborate an information-disclosure vector arising from Silverlight manifest/resource p...
CVE-2011-1844
Microsoft Silverlight 4 prior to 4.0.60310.0 is affected by CVE-2011-1844 due to a memory leak in a popup control tied to a custom DependencyProperty, leading to possible denial of service from memory exhaustion. The issue is confirmed by multiple sources (NVD entry and Red Hat advisory) and is d...
CVE-2015-6166
Microsoft Silverlight 5 prior to 5.1.41105.00 is affected by CVE-2015-6166 due to improper handling of certain open/close requests, enabling remote code execution or, per the CVE, a denial of service via out-of-bounds read/write access. Severity is high (CVSS 9.3). Affected product: Silverlight 5...