Vulnerability in Silverlight Could Allow Security Feature Bypass
Report ID: MS201403005
Date Published: March 11, 2014
Compromise Type: security-bypass
Compromise From: local-system
Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime
A vulnerability in Microsoft Silverlight's implementation of the Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) security features may, if successfully exploited, allow an attacker to bypass these security features.
Both Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) are security features intended to make it harder for attackers to predict where their malicious files would be saved on a system. A vulnerability in the way Silverlight implements these security features may allow an attacker to bypass them and proceed to attack other vulnerabilities.
Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-014)