CVSS: 9.3EPSS: 92%CPEs: 11EXPL: 0CVE-2013-3131
https://notcve.org/view.php?id=CVE-2013-3131
10 Jul 2013 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, y 4.5, y Silverlight 5 no previenen adecuadamente los los cambios en los datos de las matrices m... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 65%CPEs: 36EXPL: 0CVE-2013-3129
https://notcve.org/view.php?id=CVE-2013-3129
10 Jul 2013 — Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to exec... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 4CVE-2013-0074 – Microsoft Silverlight Double Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2013-0074
13 Mar 2013 — Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." Microsoft Silverlight v5 y 5 Developer Runtime anterior a 5.1.20125.0 no valida adecuadamente los punteros durante el renderizado de un objeto HTML, lo que permite a atacantes remotos ejecutar código de su elección a través de una... • https://packetstorm.news/files/id/123731 •
CVSS: 10.0EPSS: 85%CPEs: 28EXPL: 0CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
09 May 2012 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Wind... • http://secunia.com/advisories/49121 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 95%CPEs: 12EXPL: 0CVE-2012-0176
https://notcve.org/view.php?id=CVE-2012-0176
09 May 2012 — Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." Vulnerabilidad de liberación doble en Microsoft Silverlight v4 anterior a v4.1.10329 en Windows permite a atacantes remotos ejecutar código arbitrario mediante vectores que comprenden la manipulación XAML glyphs, también conocido como "Vulnerabilidad de liberación doble en Silverlight" • http://secunia.com/advisories/49122 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 48%CPEs: 26EXPL: 0CVE-2012-0014
https://notcve.org/view.php?id=CVE-2012-0014
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 15%CPEs: 41EXPL: 0CVE-2011-1253
https://notcve.org/view.php?id=CVE-2011-1253
12 Oct 2011 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.5.1, y v4, y Silverlight v4 ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 26%CPEs: 62EXPL: 0CVE-2011-0664
https://notcve.org/view.php?id=CVE-2011-0664
16 Jun 2011 — Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability." El framework Microsoft .NET 2.0 SP1 y SP2... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1844
https://notcve.org/view.php?id=CVE-2011-1844
03 May 2011 — Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection. Fallo de memoria en Microsoft Silverlight v4 antes de v4.0.60310.0 permite a atacantes remotos provocar una denegación de servicio (por consumo de memoria), por un fallo en la recolección de basura por parte del recolector a través de una aplicación que ... • http://isc.sans.edu/diary.html?storyid=10747 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1845
https://notcve.org/view.php?id=CVE-2011-1845
03 May 2011 — Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element. Múltiples pérdidas de memoria en la implementación del control DataGrid en Microsoft Silverlight v4 antes de v4.0.60310.0, permite a atacantes remotos provocar una denegación de servicio (consumo de ... • http://isc.sans.edu/diary.html?storyid=10747 • CWE-399: Resource Management Errors •