CVSS: 9.3EPSS: 69%CPEs: 1EXPL: 1CVE-2016-0034 – Microsoft Silverlight Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0034
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." Microsoft Silverlight 5 en versiones anteriores a 5.1.41212.0 no maneja correctamente offsets negativos durante la decodificación, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción objeto-cabecera) a través de un sitio web manipulado, también conocido como "Silverlight Runtime Remote Code Execution Vulnerability". Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS). • https://github.com/hybridious/CVE-2016-0034-Decompile http://www.securitytracker.com/id/1034655 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-006 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 8%CPEs: 36EXPL: 0CVE-2015-6108
https://notcve.org/view.php?id=CVE-2015-6108
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." La librería font Windows en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT Gold y 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console y Silverlight 5 permiten a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como 'Graphics Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1034329 http://www.securitytracker.com/id/1034330 http://www.securitytracker.com/id/1034331 http://www.securitytracker.com/id/1034332 http://www.securitytracker.com/id/1034333 http://www.securitytracker.com/id/1034336 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-128 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 8%CPEs: 1EXPL: 0CVE-2015-6165
https://notcve.org/view.php?id=CVE-2015-6165
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocida como 'Microsoft Silverlight Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-6114. • http://www.securitytracker.com/id/1034321 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-129 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 18%CPEs: 1EXPL: 0CVE-2015-6166
https://notcve.org/view.php?id=CVE-2015-6166
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability." Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango o acceso a escritura) a través de peticiones de apertura y cierre no especificadas, también conocida como 'Microsoft Silverlight RCE Vulnerability'. • http://www.securitytracker.com/id/1034321 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 8%CPEs: 1EXPL: 0CVE-2015-6114
https://notcve.org/view.php?id=CVE-2015-6114
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocida como 'Microsoft Silverlight Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-6165. • http://www.securitytracker.com/id/1034321 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-129 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •