PT-2015-3206 · Microsoft · Silverlight

Published

2015-12-09

Updated

2018-10-12

CVE-2015-6114

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Silverlight versions prior to 5.1.41105.00

Description The issue is related to the lack of protection for internal data in the Silverlight platform, allowing a remote attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism via a crafted web site. This enables the attacker to potentially predict the location of code and data in memory, facilitating further exploitation.

Recommendations For Microsoft Silverlight versions prior to 5.1.41105.00, update to version 5.1.41105.00 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2016-00926

CVE-2015-6114

Affected Products

Silverlight

PT-2015-3206 · Microsoft · Silverlight

CVE-2015-6114

Weakness Enumeration

Related Identifiers

Affected Products

References · 6