MS14-014: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
Medium Nessus Plugin ID 72932
SynopsisA browser enhancement on the remote Windows host is affected by a security feature bypass vulnerability.
DescriptionThe version of Microsoft Silverlight installed on the remote host is reportedly affected by a security feature bypass vulnerability due to improper implementation of Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR).
If an attacker could trick a user on the affected system into visiting a website hosting a malicious Silverlight application, the attacker could bypass the DEP and ASLR security features.
SolutionMicrosoft has released a set of patches for Silverlight 5.