Skip to main content

Silverlight CVE-2014-0319

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2014-03-12 secure@microsoft.com
7.1
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:C/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:C/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
C
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 12, 2014 - 05:15 cve.org
HIGH 7.1

DescriptionCVE.org

Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability."

AnalysisAI

Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 13.1% and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability." Affected products include: Microsoft Silverlight. Version information: before 5.1.30214.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-0283 HIGH POC
8.8 Jun 15

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT

CVE-2015-2455 CRITICAL POC
9.3 Aug 15

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2

CVE-2015-2464 CRITICAL POC
9.3 Aug 15

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2

CVE-2012-0159 CRITICAL
9.3 May 09

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, W

CVE-2012-0176 CRITICAL
9.3 May 09

Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbi

CVE-2015-2456 CRITICAL POC
9.3 Aug 15

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2

CVE-2013-3178 CRITICAL
9.3 Jul 10

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute

CVE-2015-2463 CRITICAL POC
9.3 Aug 15

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2

CVE-2013-3131 CRITICAL
9.3 Jul 10

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly preven

CVE-2017-0108 HIGH POC
7.8 Mar 17

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 20

CVE-2012-0014 HIGH
7.8 Feb 14

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to

CVE-2015-6108 CRITICAL
9.3 Dec 09

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; W

Share

CVE-2014-0319 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy