Skip to main content

Silverlight

22 CVEs product

Monthly

CVE-2017-8527 HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft Lync Office +9
NVD
CVSS 3.0
8.8
EPSS
28.8%
CVE-2017-0283 HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync Office Office Word Viewer +8
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.0%
Threat
4.9
CVE-2017-0108 HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
36.7%
Threat
4.2
CVE-2016-3209 MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
19.2%
CVE-2016-3367 HIGH Act Now

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

RCE Buffer Overflow Microsoft Silverlight
NVD
CVSS 3.0
8.8
EPSS
19.7%
CVE-2015-6166 CRITICAL Act Now

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Silverlight
NVD
CVSS 2.0
9.3
EPSS
20.5%
CVE-2015-6165 MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
CVSS 2.0
4.3
EPSS
17.5%
CVE-2015-6114 MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
CVSS 2.0
4.3
EPSS
17.5%
CVE-2015-6108 CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft Live Meeting Lync +13
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2015-2464 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
48.1%
Threat
4.8
CVE-2015-2463 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
38.6%
Threat
4.5
CVE-2015-2456 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.5%
Threat
4.6
CVE-2015-2455 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
53.2%
Threat
5.0
CVE-2015-2435 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
30.2%
CVE-2015-1715 CRITICAL Act Now

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 26.1% and no vendor patch available.

Privilege Escalation Microsoft Silverlight
NVD
CVSS 2.0
9.3
EPSS
26.1%
CVE-2014-0319 HIGH Act Now

Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 13.1% and no vendor patch available.

Privilege Escalation Microsoft Silverlight
NVD VulDB
CVSS 2.0
7.1
EPSS
13.1%
CVE-2013-3178 CRITICAL Emergency

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 59.0% and no vendor patch available.

Code Injection Denial Of Service Microsoft RCE Silverlight
NVD
CVSS 2.0
9.3
EPSS
59.0%
CVE-2013-3131 CRITICAL Emergency

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Silverlight
NVD
CVSS 2.0
9.3
EPSS
54.7%
CVE-2013-3129 HIGH Act Now

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Lync +12
NVD
CVSS 3.1
7.8
EPSS
51.7%
CVE-2012-0176 CRITICAL Emergency

Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft RCE Silverlight
NVD
CVSS 2.0
9.3
EPSS
62.1%
CVE-2012-0159 CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office Windows 7 Windows 8 +4
NVD
CVSS 2.0
9.3
EPSS
64.6%
CVE-2012-0014 HIGH Act Now

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 52.3% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Silverlight
NVD
CVSS 3.1
7.8
EPSS
52.3%
EPSS 29% CVSS 8.8
HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft +11
NVD
EPSS 56% 4.9 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync +10
NVD Exploit-DB
EPSS 37% 4.2 CVSS 7.8
HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft +9
NVD Exploit-DB
EPSS 19% CVSS 5.5
MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework +13
NVD Exploit-DB
EPSS 20% CVSS 8.8
HIGH Act Now

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 21% CVSS 9.3
CRITICAL Act Now

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 18% CVSS 4.3
MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
EPSS 18% CVSS 4.3
MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
EPSS 44% CVSS 9.3
CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft +15
NVD
EPSS 48% 4.8 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 39% 4.5 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 42% 4.6 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 53% 5.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 30% CVSS 9.3
CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework +14
NVD
EPSS 26% CVSS 9.3
CRITICAL Act Now

Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 26.1% and no vendor patch available.

Privilege Escalation Microsoft Silverlight
NVD
EPSS 13% CVSS 7.1
HIGH Act Now

Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 13.1% and no vendor patch available.

Privilege Escalation Microsoft Silverlight
NVD VulDB
EPSS 59% CVSS 9.3
CRITICAL Emergency

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 59.0% and no vendor patch available.

Code Injection Denial Of Service Microsoft +2
NVD
EPSS 55% CVSS 9.3
CRITICAL Emergency

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.7% and no vendor patch available.

Code Injection Microsoft RCE +2
NVD
EPSS 52% CVSS 7.8
HIGH Act Now

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Code Injection Microsoft RCE +14
NVD
EPSS 62% CVSS 9.3
CRITICAL Emergency

Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft RCE Silverlight
NVD
EPSS 65% CVSS 9.3
CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office +6
NVD
EPSS 52% CVSS 7.8
HIGH Act Now

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 52.3% and no vendor patch available.

Code Injection Microsoft RCE +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy