MicrosoftSilverlight

32 matches found

CVE
added 2015/05/13 10:00 a.m. | 1089 views

CVE-2015-1671

Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...

CVSS 9.3 | AI score 7.3 | EPSS 0.54628
In wild

CVE
added 2013/03/13 12:00 a.m. | 1016 views

CVE-2013-0074

CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...

CVSS 9.3 | AI score 9.3 | EPSS 0.81868
In wild

CVE
added 2016/01/13 2:00 a.m. | 1016 views

CVE-2016-0034

Microsoft Silverlight 5 is affected by a remote code execution vulnerability (CVE-2016-0034) due to mishandling of negative offsets during decoding. Versions prior to 5.1.41212.0 are vulnerable; successful exploitation via a crafted web page can lead to arbitrary code execution or DoS. Several co...

CVSS 9.3 | AI score 8.8 | EPSS 0.69709
In wild

CVE
added 2013/10/09 2:44 p.m. | 974 views

CVE-2013-3896

CVE-2013-3896 affects Microsoft Silverlight 5 before 5.1.20913.0, where improper pointer validation during access to Silverlight elements leads to potential information disclosure. Affected component is Silverlight runtime; impact is partial confidentiality loss without integrity or availability ...

CVSS 5.5 | AI score 5.9 | EPSS 0.6961
In wild

CVE
added 2015/12/09 11:00 a.m. | 207 views

CVE-2015-6108

CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...

CVSS 9.3 | AI score 7.4 | EPSS 0.25998

CVE
added 2012/05/09 12:00 a.m. | 182 views

CVE-2012-0176

CVE-2012-0176 affects Microsoft Silverlight 4 on Windows prior to 4.1.10329, with a double-free vulnerability in memory handling when rendering crafted XAML glyphs that enables remote code execution. This issue is documented under MS12-034, which patches multiple components including Silverlight....

CVSS 9.3 | AI score 7.5 | EPSS 0.22485

CVE
added 2012/05/09 12:00 a.m. | 173 views

CVE-2012-0159

CVE-2012-0159 is a kernel-level remote code execution vulnerability in Microsoft Windows related to TrueType font parsing. The root cause is a sign extension error in the kernel’s handling of TrueType compound glyphs within win32k.sys, which can be triggered by a crafted TTF file. Affected produc...

CVSS 9.3 | AI score 7.4 | EPSS 0.26816

CVE
added 2017/03/17 12:00 a.m. | 165 views

CVE-2017-0108

CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...

CVSS 9.3 | AI score 7 | EPSS 0.5047

CVE
added 2017/06/15 1:00 a.m. | 163 views

CVE-2017-0283

CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...

CVSS 9.3 | AI score 6.4 | EPSS 0.39019

CVE
added 2017/06/15 1:00 a.m. | 157 views

CVE-2017-8527

Technical details for CVE-2017-8527 are not publicly available in the provided documents. No specifics on affected products, vulnerable components, root cause, exploits, or fixes are included here. Monitor for updates from official advisories.

CVSS 9.3 | AI score 6 | EPSS 0.19023

CVE
added 2013/07/10 1:00 a.m. | 149 views

CVE-2013-3178

Microsoft Silverlight vulnerability CVE-2013-3178 exists in Silverlight 5 before 5.1.20513.0, caused by improper initialization of arrays that enables a NULL pointer dereference. This can allow remote code execution or a denial of service when a crafted Silverlight application is opened. The issu...

CVSS 9.3 | AI score 7.6 | EPSS 0.32071

CVE
added 2012/02/14 10:00 p.m. | 148 views

CVE-2012-0014

CVE-2012-0014 describes a remote code execution flaw in Microsoft .NET Framework components (2.0 SP2, 3.5.1, 4) and Silverlight 4 prior to 4.1.10111, caused by improper restriction of memory access for unmanaged objects. Exploitation vectors include XBAP, crafted ASP.NET, .NET Framework, and Silv...

CVSS 9.3 | AI score 7.5 | EPSS 0.2817

CVE
added 2015/08/15 12:00 a.m. | 134 views

CVE-2015-2464

CVE-2015-2463 and CVE-2015-2464 describe a TrueType font parsing vulnerability that allows remote code execution. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Office 2007 SP3 and 2010 SP2, L...

CVSS 9.3 | AI score 7.3 | EPSS 0.35562

CVE
added 2016/10/14 1:00 a.m. | 126 views

CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

CVSS 5.5 | AI score 6 | EPSS 0.53653

CVE
added 2010/08/11 6:00 p.m. | 113 views

CVE-2010-1898

CVE-2010-1898 is a remote code execution vulnerability in the Microsoft .NET CLR handling delegates to virtual methods, affecting CLR-based apps and Silverlight. The issue enables arbitrary code execution via three attack scenarios: XBAPs (XAML browser applications), ASP.NET pages, or standalone ...

CVSS 9.3 | AI score 7.5 | EPSS 0.25033

CVE
added 2015/08/15 12:00 a.m. | 107 views

CVE-2015-2463

CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...

CVSS 9.3 | AI score 7.3 | EPSS 0.34475

CVE
added 2015/08/15 12:00 a.m. | 104 views

CVE-2015-2435

CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...

CVSS 9.3 | AI score 7.4 | EPSS 0.2187

CVE
added 2015/08/15 12:00 a.m. | 103 views

CVE-2015-2455

CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...

CVSS 9.3 | AI score 7.3 | EPSS 0.37429

CVE
added 2013/07/10 1:00 a.m. | 100 views

CVE-2013-3129

CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...

CVSS 9.3 | AI score 7.3 | EPSS 0.32378

CVE
added 2015/08/15 12:00 a.m. | 100 views

CVE-2015-2456

Summary from Project Zero (2016): Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...

CVSS 9.3 | AI score 7.3 | EPSS 0.35562

CVE
added 2011/06/16 8:21 p.m. | 89 views

CVE-2011-0664

CVE-2011-0664 affects Microsoft .NET Framework 2.0 SP1/SP2, 3.5 Gold/SP1, 3.5.1, 4.0 and Silverlight 4 before 4.0.60531.0. The issue stems from improper validation of arguments to unspecified networking API functions, enabling remote code execution when processing crafted XBAPs, ASP.NET apps, .NE...

CVSS 9.3 | AI score 7.6 | EPSS 0.16006

CVE
added 2010/08/11 6:00 p.m. | 85 views

CVE-2010-0019

Summary (CVE-2010-0019): A memory corruption vulnerability in Microsoft Silverlight 3 (Windows) before 3.0.50611.0 and Mac OS X before 3.0.41130.0 arises from improper pointer handling, allowing remote code execution or a denial of service when a user visits a crafted web page. An attacker could ...

CVSS 9.3 | AI score 7.9 | EPSS 0.14368

CVE
added 2015/05/13 10:00 a.m. | 75 views

CVE-2015-1715

Summary (CVE-2015-1715): Microsoft Silverlight 5 before 5.1.40416.00 is vulnerable to elevation of privilege via a specially crafted Silverlight application (Out of Browser). Initial CVE describes bypassing integrity-level restrictions. Connected documents confirm the vendor patch MS15-049 (KB30...

CVSS 9.3 | AI score 6.4 | EPSS 0.13337

CVE
added 2016/09/14 10:00 a.m. | 75 views

CVE-2016-3367

Microsoft Silverlight Memory Corruption (CVE-2016-3367) affects Silverlight 5 before 5.1.50709.0. The vulnerability stems from improper memory handling in StringBuilder during string-insert/append, enabling a remote attacker to run arbitrary code via a crafted web site. Impact is remote code exec...

CVSS 9.3 | AI score 8.7 | EPSS 0.17793

CVE
added 2013/07/10 1:00 a.m. | 74 views

CVE-2013-3131

CVE-2013-3131 concerns a remote code execution vulnerability in Microsoft .NET Framework and Silverlight due to improper handling of multidimensional arrays of small structures. Affected products include .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 prior to 5.1.20513.0. The r...

CVSS 9.3 | AI score 7.4 | EPSS 0.22008

CVE
added 2011/05/03 7:00 p.m. | 70 views

CVE-2011-1845

Summary: CVE-2011-1845 affects Microsoft Silverlight 4, where multiple memory leaks in the DataGrid control implementation (and related INotifyDataErrorInfo and TextBlock/TextBox usage) can be exploited to cause a denial of service via memory consumption. The issue is triggered by specific UI sce...

CVSS 7.8 | AI score 6.8 | EPSS 0.12218

CVE
added 2014/03/12 1:00 a.m. | 67 views

CVE-2014-0319

CVE-2014-0319 affects Microsoft Silverlight 5 (before 5.1.30214.0) and Silverlight 5 Developer Runtime (before 5.1.30214.0). The vulnerability is a security feature bypass (DEP/ASLR) due to improper implementation, enabling bypass of DEP and ASLR protections via unspecified vectors. Affected prod...

CVSS 7.1 | AI score 6.5 | EPSS 0.05964

CVE
added 2011/10/12 1:00 a.m. | 64 views

CVE-2011-1253

Microsoft .NET Framework and Silverlight remote code execution vulnerability (CVE-2011-1253) arises from improper restriction of class inheritance. Affected: .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4, and Silverlight 4 prior to 4.0.60831. Impact: remote attackers can execute arbitrary co...

CVSS 9.3 | AI score 7.5 | EPSS 0.13241

CVE
added 2015/12/09 11:00 a.m. | 64 views

CVE-2015-6165

CVE-2015-6165 affects Microsoft Silverlight 5 before 5.1.41105.00. A crafted website can bypass ASLR to disclose information. Remediation details are not provided in the supplied documents.

CVSS 4.3 | AI score 6.2 | EPSS 0.16634

CVE
added 2015/12/09 11:00 a.m. | 62 views

CVE-2015-6114

CVE-2015-6114 affects Microsoft Silverlight 5 prior to 5.1.41105.00. The vulnerability allows remote attackers to bypass ASLR via a crafted web site, resulting in information disclosure. Connected advisories corroborate an information-disclosure vector arising from Silverlight manifest/resource p...

CVSS 4.3 | AI score 6.2 | EPSS 0.19485

CVE
added 2011/05/03 7:00 p.m. | 58 views

CVE-2011-1844

Microsoft Silverlight 4 prior to 4.0.60310.0 is affected by CVE-2011-1844 due to a memory leak in a popup control tied to a custom DependencyProperty, leading to possible denial of service from memory exhaustion. The issue is confirmed by multiple sources (NVD entry and Red Hat advisory) and is d...

CVSS 7.8 | AI score 6.7 | EPSS 0.12218

CVE
added 2015/12/09 11:00 a.m. | 58 views

CVE-2015-6166

Microsoft Silverlight 5 prior to 5.1.41105.00 is affected by CVE-2015-6166 due to improper handling of certain open/close requests, enabling remote code execution or, per the CVE, a denial of service via out-of-bounds read/write access. Severity is high (CVSS 9.3). Affected product: Silverlight 5...

CVSS 9.3 | AI score 7.9 | EPSS 0.14122