Lucene search

Kaspersky LabKLA10608

HistoryMar 11, 2014 - 12:00 a.m.

KLA10608 Security bypass vulnerability in Microsoft Silverlight

2014-03-1100:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.5%

JSON

An unspecified vulnerability was found in Microsoft Silverlight. By exploiting this vulnerability malicious users can bypass DEP and ASLR protection. This vulnerability can be exploited remotely via an unspecified vectors.

Original advisories

CVE-2014-0319

Related products

Microsoft-Silverlight

CVE list

CVE-2014-0319 high

KB list

2932677

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Microsoft Silverlight 5

References

support.microsoft.com/kb/2932677

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0319

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Silverlight/

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.5%

JSON

Related for KLA10608