CVE-2016-0034
Microsoft Silverlight Runtime Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
Microsoft Silverlight 5 en versiones anteriores a 5.1.41212.0 no maneja correctamente offsets negativos durante la decodificación, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción objeto-cabecera) a través de un sitio web manipulado, también conocido como "Silverlight Runtime Remote Code Execution Vulnerability".
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-04 CVE Reserved
- 2016-01-13 CVE Published
- 2017-12-01 First Exploit
- 2022-05-25 Exploited in Wild
- 2022-06-15 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-11-02 EPSS Updated
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1034655 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://github.com/hybridious/CVE-2016-0034-Decompile | 2017-12-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-006 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Silverlight Search vendor "Microsoft" for product "Silverlight" | 5.0 Search vendor "Microsoft" for product "Silverlight" and version "5.0" | - |
Affected
| ||||||