MS14-014: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A browser enhancement on the remote Windows host is affected by a
security feature bypass vulnerability.

Description :

The version of Microsoft Silverlight installed on the remote host is
reportedly affected by a security feature bypass vulnerability due to
improper implementation of Data Execution Prevention (DEP) and Address
Space Layout Randomization (ASLR).

If an attacker could trick a user on the affected system into visiting a
website hosting a malicious Silverlight application, the attacker could
bypass the DEP and ASLR security features.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms14-014

Solution :

Microsoft has released a set of patches for Silverlight 5.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 72932

Bugtraq ID: 66046

CVE ID: CVE-2014-0319