CVE-2016-0034

CVSS 8.8 HIGHEPSS 69.7%● KEV

In short

Microsoft Silverlight 5 has a flaw in how it processes certain data from websites, allowing attackers to run malicious code or crash the application through a specially crafted web page.

Technical detail

Silverlight 5 mishandles negative offsets during decoding operations, enabling remote code execution or denial of service via object-header corruption. Attack vector is network-based through a malicious web site; no user interaction beyond visiting the site is required. Impact includes arbitrary code execution in the Silverlight runtime context.

Summary generated and translated by AI from the official description.

Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-006 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0034 http://www.securitytracker.com/id/1034655