13 Sep 2016
CVE-2016-3367 Vulnerability
Publié par . Publié dans Memory corruption
StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." (CVSS:0.0) (Last Update:2016-09-14)
Vulnerability Details : StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." Publish Date : 2016-09-14 Last Update Date : 2016-09-14 - CVSS Scores & Vulnerability Types CVSS Score | 0.0 | Confidentiality Impact | ??? | Integrity Impact | ??? | Availability Impact | ??? | Access Complexity | ??? | Authentication | ??? | Gained Access | None | Vulnerability Type(s) | Execute CodeMemory corruption | CWE ID | CWE id is not defined for this vulnerability | | | - Products Affected By CVE-2016-3367 # | Product Type | Vendor | Product | Version | Update | Edition | Language | | No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. | - References For CVE-2016-3367 http://technet.microsoft.com/en-us/security/bulletin/ms16-109 Microsoft Security Bulletin MS16-109 Security Update for Silverlight to Address Remote Code Execution This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.
Vulnerabilities addressed in this bulletin:
- Microsoft Silverlight Memory Corruption Vulnerability
Release Date:2016-09-13 | | |
- Metasploit Modules Related To CVE-2016-3367There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
| |