| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-006 | Security Update for Silverlight to Address Remote Code Execution (3126036) | Microsoft Silverlight | Critical | 13-01-2016 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application.
Detailed Information on the risk:
A remote code execution vulnerability exists when Microsoft Silverlight decodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker. In a web-browsing scenario, an attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user.
Microsoft Silverlight 5Further information on this exploit is available at : MS16-006
Microsoft Silverlight 5 Developer Runtime
Affected Software
Microsoft Silverlight 5Microsoft Silverlight 5 Developer Runtime