MS11-078: Vulnerability in Microsoft Silverlight Could Allow Remote Code Execution (2604930) (Mac OS X)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

A browser enhancement on the remote Mac OS X host could allow
arbitrary code execution.

Description :

The version of Microsoft Silverlight installed on the remote host
reportedly does not properly restrict inheritance within classes.

An attacker may be able to leverage this vulnerability to execute
arbitrary code on the affected system if a user on it can be tricked
into viewing a specially crafted web page using a web browser that can
run Silverlight applications.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms11-078
http://www.microsoft.com/download/en/details.aspx?id=27703

Solution :

Microsoft has released a patch for Silverlight 4.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 58094 ()

Bugtraq ID: 49999

CVE ID: CVE-2011-1253