Lucene search

Kaspersky LabKLA10543

HistoryApr 11, 2014 - 12:00 a.m.

KLA10543 Security bypass vulnerability in Microsoft Silverlight

2014-04-1100:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.5%

JSON

An unspecified vulnerability was found in Microsoft Silverlight. By exploiting this vulnerability malicious users can bypass security restrictions. This vulnerability can be exploited remotely via an unknown vectors.

Original advisories

MS14-014

CVE-2014-0319

Related products

Microsoft-Silverlight

CVE list

CVE-2014-0319 high

KB list

2932677

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Microsoft Silverlight 5 versions earier than 5.1.30214.0Silverlight 5 Developer Runtime versions earlier than 5.1.30214.0

References

support.microsoft.com/kb/2932677

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0319

statistics.securelist.com/

technet.microsoft.com/library/security/ms14-014

threats.kaspersky.com/en/product/Microsoft-Silverlight/

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.5%

JSON

Related for KLA10543