MS14-014: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

A browser enhancement on the remote Windows host is affected by a
security feature bypass vulnerability.

Description :

The version of Microsoft Silverlight installed on the remote host is
reportedly affected by a security feature bypass vulnerability due to
improper implementation of Data Execution Protection (DEP) and Address
Space Layout Randomization (ASLR).

If an attacker could trick a user on the affected system into visiting a
website hosting a malicious Silverlight application, the attacker could
bypass the DEP and ASLR security features.

See also :

Solution :

Microsoft has released a set of patches for Silverlight 5.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 72932 ()

Bugtraq ID: 66046

CVE ID: CVE-2014-0319