Microsoft Silverlight Multiple Memory Leak Vulnerabilities Network Vulnerability

Summary

This host is installed with Microsoft Silverlight and is prone to to multiple memory leak vulnerabilities.

Impact

Successful exploitation will allow attacker to cause denial of service. Impact Level: Application

Solution

Upgrade to Microsoft Silverlight 4.0.60310.0 or later, For updates refer to http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx

Insight

The flaws exists due to: - An error in handling of 'popup' control and a custom 'DependencyProperty' property. - An error in the 'DataGrid' control implementation, which allows remote attacker to consume memory via an application involving subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or TextBlock or a TextBox element.

Affected

Microsoft Silverlight version 4 before 4.0.60310.0

References

http://isc.sans.edu/diary.html?storyid=10747
http://support.microsoft.com/kb/2526954

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1844, CVE-2011-1845

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)

Take action and discover your vulnerabilities