KB4017094: Security Update for the libjpeg Information Disclosure Vulnerability for Microsoft Silverlight 5 (April 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web application framework running on the remote host is affected by
an information disclosure vulnerability.

Description :

The version of Silverlight 5 installed on the remote Windows host is
missing security update KB4017094. It is, therefore, affected by an
information disclosure vulnerability in the open-source libjpeg image
processing library due to improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this to disclose
sensitive information that can be utilized to bypass ASLR security
protections.

See also :

https://support.microsoft.com/en-us/help/4017094/title
http://www.nessus.org/u?d5f07ab5

Solution :

Apply security update KB4017094.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 99289 ()

Bugtraq ID: 63676

CVE ID: CVE-2013-6629

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now