PT-2015-3206 · Microsoft · Silverlight

Publicado

2015-12-09

Atualizado

2018-10-12

CVE-2015-6114

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Silverlight versions prior to 5.1.41105.00

Description The issue is related to the lack of protection for internal data in the Silverlight platform, allowing a remote attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism via a crafted web site. This enables the attacker to potentially predict the location of code and data in memory, facilitating further exploitation.

Recommendations For Microsoft Silverlight versions prior to 5.1.41105.00, update to version 5.1.41105.00 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2016-00926

CVE-2015-6114

Produtos afetados

Silverlight

PT-2015-3206 · Microsoft · Silverlight

CVE-2015-6114

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6