Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Vulnerability in Silverlight Could Allow Security Feature Bypass


Report ID: MS201403005
Date Published: March 11, 2014

Criticality: Important
Compromise Type: security-bypass
Compromise From: local-system


Affected Product/Component:

Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime




Summary

A vulnerability in Microsoft Silverlight's implementation of the Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) security features may, if successfully exploited, allow an attacker to bypass these security features.



Detailed Description

Both Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) are security features intended to make it harder for attackers to predict where their malicious files would be saved on a system. A vulnerability in the way Silverlight implements these security features may allow an attacker to bypass them and proceed to attack other vulnerabilities.



CVE Reference

CVE-2014-0319



Solution

Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-014)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.