ID CVE-2012-0176
Summary Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.0.603310.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.0.603310.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.1.10111:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.1.10111:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-22T04:00:10.921-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Microsoft Silverlight 4 is installed
oval oval:org.mitre.oval:def:14639
description Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
family windows
id oval:org.mitre.oval:def:15574
status accepted
submitted 2012-05-08T13:00:00
title Silverlight Double-Free Vulnerability
version 8
refmap via4
bid 53360
cert TA12-129A
ms MS12-034
sectrack 1027040
secunia 49122
Last major update 12-10-2018 - 22:02
Published 09-05-2012 - 00:55
Back to Top