Microsoft Silverlight Multiple Memory Leak Vulnerabilities Network Vulnerability

Summary

This host is installed with Microsoft Silverlight and is prone to to multiple memory leak vulnerabilities.

Impact

Successful exploitation will allow attacker to cause denial of service. Impact Level: Application

Solution

Upgrade to Microsoft Silverlight 4.0.60310.0 or later, For updates refer to http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx

Insight

The flaws exists due to: - An error in handling of 'popup' control and a custom 'DependencyProperty' property. - An error in the 'DataGrid' control implementation, which allows remote attacker to consume memory via an application involving subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or TextBlock or a TextBox element.

Affected

Microsoft Silverlight version 4 before 4.0.60310.0

References

http://isc.sans.edu/diary.html?storyid=10747
http://support.microsoft.com/kb/2526954

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1844, CVE-2011-1845

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Mac OS X

Take action and discover your vulnerabilities