The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Silverlight

computer vulnerability announce CVE-2017-0283 CVE-2017-8527

Microsoft Silverlight: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Silverlight.
Impacted products: Silverlight.
Severity: 4/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/06/2017.
Identifiers: CERTFR-2017-AVI-180, CVE-2017-0283, CVE-2017-8527, VIGILANCE-VUL-22967.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft Silverlight.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2013-6629

Microsoft Silverlight: vulnerabilities of April 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Silverlight.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/04/2017.
Identifiers: CERTFR-2017-AVI-110, CVE-2013-6629, VIGILANCE-VUL-22419.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-0108

Microsoft Silverlight: vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Silverlight.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 14/03/2017.
Identifiers: CVE-2017-0108, VIGILANCE-VUL-22130.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Silverlight, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate his privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3270]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-3367

Microsoft Silverlight: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of Microsoft Silverlight, in order to trigger a denial of service, and possibly to run code.
Impacted products: Silverlight.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Creation date: 13/09/2016.
Identifiers: 3182373, CERTFR-2016-AVI-310, CVE-2016-3367, MS16-109, VIGILANCE-VUL-20594.

Description of the vulnerability

An attacker can generate a memory corruption of Microsoft Silverlight, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-0034

Microsoft Silverlight: memory corruption via Decoder

Synthesis of the vulnerability

An attacker can generate a memory corruption in with a decoder of Microsoft Silverlight, in order to trigger a denial of service, and possibly to run code.
Impacted products: Silverlight.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/01/2016.
Identifiers: 3126036, CERTFR-2016-AVI-014, CVE-2016-0034, MS16-006, VIGILANCE-VUL-18702.

Description of the vulnerability

The Microsoft Silverlight product displays Silverlight applications

However, an invalid string decoding corrupts object headers in the Decoder class.

An attacker can therefore generate a memory corruption in with a decoder of Microsoft Silverlight, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-6114 CVE-2015-6165 CVE-2015-6166

Silverlight: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Silverlight.
Impacted products: Silverlight.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/12/2015.
Identifiers: 3106614, CERTFR-2015-AVI-525, CVE-2015-6114, CVE-2015-6165, CVE-2015-6166, MS15-129, TALOS-2015-0130, VIGILANCE-VUL-18472.

Description of the vulnerability

Several vulnerabilities were announced in Silverlight.

An attacker can generate a memory corruption via Open And Close Requests, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6166]

An attacker can guess the memory layout of a process, to bypass ASLR, in order to ease the next step of an attack. [severity:2/4; CVE-2015-6114]

An attacker can guess the memory layout of a process, to bypass ASLR, in order to ease the next step of an attack. [severity:2/4; CVE-2015-6165, TALOS-2015-0130]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-6106 CVE-2015-6107 CVE-2015-6108

Windows, .NET, Office, Skype, Lync, Silverlight: three vulnerabilities of Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Silverlight, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/12/2015.
Identifiers: 3104503, CERTFR-2015-AVI-524, CVE-2015-6106, CVE-2015-6107, CVE-2015-6108, MS15-128, VIGILANCE-VUL-18471.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6106]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6107]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6108]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-2435 CVE-2015-2455 CVE-2015-2456

Microsoft Silverlight: cinq vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Microsoft Silverlight.
Impacted products: Silverlight.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 11/08/2015.
Identifiers: 3078662, CERTFR-2015-AVI-334, CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464, MS15-080, VIGILANCE-VUL-17630, ZDI-15-387, ZDI-15-388.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Silverlight.

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2435, ZDI-15-387]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2455, ZDI-15-388]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2456]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2463]

An attacker can generate a memory corruption in TrueType, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2464]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-1715

Silverlight: privilege escalation

Synthesis of the vulnerability

An attacker can invite the victim to execute a Silverlight application, in order to escalate his privileges.
Impacted products: Silverlight.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 12/05/2015.
Identifiers: 3058985, CERTFR-2015-AVI-214, CVE-2015-1715, MS15-049, VIGILANCE-VUL-16890.

Description of the vulnerability

The Silverlight product is used to execute applications, in the browser, or locally.

However, when an application is directly executed, it can escape from its sandbox.

An attacker can therefore invite the victim to execute a Silverlight application, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Silverlight: