Detections
Analytics
MS15-129: Security Update for Silverlight to Address Remote Code Execution (3106614) (Mac OS X)
high Nessus Plugin ID 87251
Language:
Synopsis
A multimedia application framework installed on the remote Mac OS X host is affected by multiple vulnerabilities.Description
The version of Microsoft Silverlight installed on the remote Mac OS X host is affected by the following vulnerabilities :- Multiple information disclosure vulnerabilities exist due to a failure to properly handle objects in memory.
An attacker can exploit these issues, via crafted Silverlight content, to more reliably predict pointer values and thus degrade the effectiveness of the Address Space Layout Randomization (ASLR) security feature, allowing the system to be further compromised.
(CVE-2015-6114, CVE-2015-6165)
- A remote code execution vulnerability exists due to incorrect handling of certain open and close requests, which result in read and write access violations. A remote attacker can exploit this vulnerability, via a specially crafted Silverlight application, to gain privileges and take complete control of the affected host. (CVE-2015-6166)
Solution
Microsoft has released a set of patches for Silverlight 5.See Also
http://technet.microsoft.com/en-us/security/bulletin/ms15-129
Plugin Details
Severity: High
ID: 87251
File Name: macosx_ms15-129.nasl
Version: 1.7
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 12/8/2015
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:silverlight
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Silverlight/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 12/8/2015
Vulnerability Publication Date: 12/8/2015
Reference Information
CVE: CVE-2015-6114, CVE-2015-6165, CVE-2015-6166
MSFT: MS15-129
MSKB: 3106614