Name | Description |
CVE-2017-0283 |
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,
Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows
10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3,
Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft
Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5
Developer Runtime when installed on Microsoft Windows, and Microsoft
Silverlight 5 when installed on Microsoft Windows allows a remote code
execution vulnerability due to the way it handles objects in memory,
aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE
ID is unique from CVE-2017-8528.
|
CVE-2017-0108 |
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2;
and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010;
Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server
2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to
execute arbitrary code via a crafted web site, aka "Graphics Component
Remote Code Execution Vulnerability." This vulnerability is different
from that described in CVE-2017-0014.
|
CVE-2016-3367 |
StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not
properly allocate memory for string-insert and string-append
operations, which allows remote attackers to execute arbitrary code
via a crafted web site, aka "Microsoft Silverlight Memory Corruption
Vulnerability."
|
CVE-2016-3209 |
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista
SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1;
Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold,
1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype
for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live
Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and
4.6; and Silverlight 5 allows remote attackers to bypass the ASLR
protection mechanism via unspecified vectors, aka "True Type Font
Parsing Information Disclosure Vulnerability."
|
CVE-2016-0034 |
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets
during decoding, which allows remote attackers to execute arbitrary
code or cause a denial of service (object-header corruption) via a
crafted web site, aka "Silverlight Runtime Remote Code Execution
Vulnerability."
|
CVE-2015-6166 |
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to
execute arbitrary code or cause a denial of service (out-of-bounds
read or write access) via unspecified open and close requests, aka
"Microsoft Silverlight RCE Vulnerability."
|
CVE-2015-6165 |
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to
bypass the ASLR protection mechanism via a crafted web site, aka
"Microsoft Silverlight Information Disclosure Vulnerability," a
different vulnerability than CVE-2015-6114.
|
CVE-2015-6114 |
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to
bypass the ASLR protection mechanism via a crafted web site, aka
"Microsoft Silverlight Information Disclosure Vulnerability," a
different vulnerability than CVE-2015-6165.
|
CVE-2015-6108 |
The Windows font library in Microsoft Windows Vista SP2; Windows
Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1;
Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007
SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1,
4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010;
Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows
remote attackers to execute arbitrary code via a crafted embedded
font, aka "Graphics Memory Corruption Vulnerability."
|
CVE-2015-2464 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and
R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live
Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1,
Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework
3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote
attackers to execute arbitrary code via a crafted TrueType font, aka
"TrueType Font Parsing Vulnerability," a different vulnerability than
CVE-2015-2463.
|
CVE-2015-2463 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and
R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live
Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1,
Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework
3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote
attackers to execute arbitrary code via a crafted TrueType font, aka
"TrueType Font Parsing Vulnerability," a different vulnerability than
CVE-2015-2464.
|
CVE-2015-2456 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and
R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2,
Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013
SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET
Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow
remote attackers to execute arbitrary code via a crafted TrueType
font, aka "TrueType Font Parsing Vulnerability," a different
vulnerability than CVE-2015-2455.
|
CVE-2015-2455 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and
R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2,
Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013
SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET
Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow
remote attackers to execute arbitrary code via a crafted TrueType
font, aka "TrueType Font Parsing Vulnerability," a different
vulnerability than CVE-2015-2456.
|
CVE-2015-2435 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and
R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2,
Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013
SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow
remote attackers to execute arbitrary code via a crafted TrueType
font, aka "TrueType Font Parsing Vulnerability."
|
CVE-2015-1715 |
Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to
bypass intended integrity-level restrictions via a crafted Silverlight
application, aka "Microsoft Silverlight Out of Browser Application
Vulnerability."
|
CVE-2015-1671 |
The Windows DirectWrite library, as used in Microsoft .NET Framework
3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and
2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee;
Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00;
and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote
attackers to execute arbitrary code via a crafted TrueType font, aka
"TrueType Font Parsing Vulnerability."
|
CVE-2014-0319 |
Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer
Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR
protection mechanisms via unspecified vectors, aka "Silverlight
DEP/ASLR Bypass Vulnerability."
|
CVE-2013-3896 |
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate
pointers during access to Silverlight elements, which allows remote
attackers to obtain sensitive information via a crafted Silverlight
application, aka "Silverlight Vulnerability."
|
CVE-2013-3178 |
Microsoft Silverlight 5 before 5.1.20513.0 does not properly
initialize arrays, which allows remote attackers to execute arbitrary
code or cause a denial of service (NULL pointer dereference) via a
crafted Silverlight application, aka "Null Pointer Vulnerability."
|
CVE-2013-3131 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and
Silverlight 5 before 5.1.20513.0, does not properly prevent changes to
data in multidimensional arrays of structures, which allows remote
attackers to execute arbitrary code via (1) a crafted .NET Framework
application or (2) a crafted Silverlight application, aka "Array
Access Violation Vulnerability."
|
CVE-2013-3129 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight
5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+,
DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in
Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET
2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013
allow remote attackers to execute arbitrary code via a crafted
TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
|
CVE-2013-0074 |
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0
does not properly validate pointers during HTML object rendering,
which allows remote attackers to execute arbitrary code via a crafted
Silverlight application, aka "Silverlight Double Dereference
Vulnerability."
|
CVE-2012-0176 |
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329
on Windows allows remote attackers to execute arbitrary code via
vectors involving crafted XAML glyphs, aka "Silverlight Double-Free
Vulnerability."
|
CVE-2012-0159 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows
Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and
SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and
SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and
Silverlight 5 before 5.1.10411 allow remote attackers to execute
arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType
Font Parsing Vulnerability."
|
CVE-2012-0014 |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4
before 4.1.10111, does not properly restrict access to memory
associated with unmanaged objects, which allows remote attackers to
execute arbitrary code via (1) a crafted XAML browser application (aka
XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework
application, or (4) a crafted Silverlight application, aka ".NET
Framework Unmanaged Objects Vulnerability."
|
CVE-2011-3389 |
The SSL protocol, as used in certain configurations in Microsoft
Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
Chrome, Opera, and other products, encrypts data by using CBC mode
with chained initialization vectors, which allows man-in-the-middle
attackers to obtain plaintext HTTP headers via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with
JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java
URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST"
attack.
|
CVE-2011-1845 |
Multiple memory leaks in the DataGrid control implementation in
Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to
cause a denial of service (memory consumption) via an application
involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged
event or (2) a TextBlock or TextBox element.
|
CVE-2011-1844 |
Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows
remote attackers to cause a denial of service (memory consumption) via
an application involving a popup control and a custom
DependencyProperty property, related to lack of garbage collection.
|
CVE-2011-1253 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and
Silverlight 4 before 4.0.60831, does not properly restrict
inheritance, which allows remote attackers to execute arbitrary code
via (1) a crafted XAML browser application (aka XBAP), (2) a crafted
ASP.NET application, (3) a crafted .NET Framework application, or (4)
a crafted Silverlight application, aka ".NET Framework Class
Inheritance Vulnerability."
|
CVE-2011-0664 |
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and
4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate
arguments to unspecified networking API functions, which allows remote
attackers to execute arbitrary code via (1) a crafted XAML browser
application (aka XBAP), (2) a crafted ASP.NET application, (3) a
crafted .NET Framework application, or (4) a crafted Silverlight
application, aka ".NET Framework Array Offset Vulnerability."
|
CVE-2010-1898 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1,
2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3
before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does
not properly handle interfaces and delegations to virtual methods,
which allows remote attackers to execute arbitrary code via (1) a
crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET
application, or (3) a crafted .NET Framework application, aka
"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method
Delegate Vulnerability."
|
CVE-2010-0019 |
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before
3.0.41130.0 on Mac OS X, does not properly handle pointers, which
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and framework outage) via a crafted web
site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
|
CVE-2009-2497 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0
SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly
handle interfaces, which allows remote attackers to execute arbitrary
code via (1) a crafted XAML browser application (XBAP), (2) a crafted
Silverlight application, (3) a crafted ASP.NET application, or (4) a
crafted .NET Framework application, aka "Microsoft Silverlight and
Microsoft .NET Framework CLR Vulnerability."
|