Detections
Analytics
MS15-129: Security Update for Silverlight to Address Remote Code Execution (3106614)
high Nessus Plugin ID 87258
Language:
Synopsis
A multimedia application framework installed on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Microsoft Silverlight installed on the remote Windows host is affected by the following vulnerabilities :- Multiple information disclosure vulnerabilities exist due to a failure to properly handle objects in memory.
An attacker can exploit these issues, via crafted Silverlight content, to more reliably predict pointer values and thus degrade the effectiveness of the Address Space Layout Randomization (ASLR) security feature, allowing the system to be further compromised.
(CVE-2015-6114, CVE-2015-6165)
- A remote code execution vulnerability exists due to incorrect handling of certain open and close requests, which result in read and write access violations. A remote attacker can exploit this vulnerability, via a specially crafted Silverlight application, to gain privileges and take complete control of the affected host. (CVE-2015-6166)
Solution
Microsoft has released a set of patches for Silverlight 5.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-129
Plugin Details
Severity: High
ID: 87258
File Name: smb_nt_ms15-129.nasl
Version: 1.9
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 12/8/2015
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:silverlight
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 12/8/2015
Vulnerability Publication Date: 12/8/2015
Reference Information
CVE: CVE-2015-6114, CVE-2015-6165, CVE-2015-6166
MSFT: MS15-129
MSKB: 3106614