CVE-2014-0319

2014-03-1205:15:19

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0319

microsoft silverlight

dep

aslr

vulnerability

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka “Silverlight DEP/ASLR Bypass Vulnerability.”

Affected configurations

NVD

Node

microsoftsilverlightMatch5.0.60401.0

microsoftsilverlightMatch5.0.60818.0

microsoftsilverlightMatch5.0.60818.0rc

microsoftsilverlightMatch5.0.61118.0

microsoftsilverlightMatch5.1.10411.0

microsoftsilverlightMatch5.1.20125.0

microsoftsilverlightMatch5.1.20513.0

microsoftsilverlightMatch5.1.20913.0

CPENameOperatorVersion
microsoft:silverlightmicrosoft silverlighteq5.0.60401.0
microsoft:silverlightmicrosoft silverlighteq5.0.60818.0
microsoft:silverlightmicrosoft silverlighteq5.0.61118.0
microsoft:silverlightmicrosoft silverlighteq5.1.10411.0
microsoft:silverlightmicrosoft silverlighteq5.1.20125.0
microsoft:silverlightmicrosoft silverlighteq5.1.20513.0
microsoft:silverlightmicrosoft silverlighteq5.1.20913.0

CPE	Name	Operator	Version
microsoft:silverlight	microsoft silverlight	eq	5.0.60401.0
microsoft:silverlight	microsoft silverlight	eq	5.0.60818.0
microsoft:silverlight	microsoft silverlight	eq	5.0.61118.0
microsoft:silverlight	microsoft silverlight	eq	5.1.10411.0
microsoft:silverlight	microsoft silverlight	eq	5.1.20125.0
microsoft:silverlight	microsoft silverlight	eq	5.1.20513.0
microsoft:silverlight	microsoft silverlight	eq	5.1.20913.0