SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Silverlight Vendors:   Microsoft
Microsoft Silverlight String Decoding Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1034655
SecurityTracker URL:  http://securitytracker.com/id/1034655
CVE Reference:   CVE-2016-0034   (Links to External Site)
Date:  Jan 12 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5
Description:   A vulnerability was reported in Microsoft Silverlight. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Silverlight application that, when loaded by the target user, will trigger a flaw in the decoding of strings to execute arbitrary code on the target system. The code will run with the privileges of the target user.

Anton Ivanov and Costin Raiu of Kaspersky Lab reported this vulnerability.

Impact:   A remote user can create a Silverlight application that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix.

Microsoft Silverlight 5 (Mac):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

Microsoft Silverlight 5 Developer Runtime (Mac):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

Microsoft Silverlight 5 (Windows client):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

Microsoft Silverlight 5 Developer Runtime (Windows client):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

Microsoft Silverlight 5 (Windows server):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

Microsoft Silverlight 5 Developer Runtime (Windows server):

https://www.microsoft.com/downloads/details.aspx?familyid=2a00127a-bcf0-4fb4-bcea-45b7314eb477

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-006

Vendor URL:  technet.microsoft.com/library/security/ms16-006 (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC