Microsoft Silverlight 5, and 5 Developer Runtime, prior to 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote malicious users to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft silverlight |
||
microsoft silverlight 5.0.60401.0 |
||
microsoft silverlight 5.0.60818.0 |
Hacker recipe: a dash of Flash, a sprinkle of Silverlight, a pinch of Java and YOU'RE DONE
Tousle-haired celebrity chef Jamie Oliver has served up a stomach-churning exploit kit to those who visit his web site. His eponymous .com site, ranked 519 in the UK and drawing some 10 million visitors a month was compromised to plate-up the foul-tasting Fiesta exploit kit to compromise user machines. Malwarebytes senior researcher Jérôme Segura said crook cooks orchestrated a "carefully and well hidden" attack and hid an iframe URL with base-64 encoding. "The web masters will need to look fo...
There is no honour among thieves
A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...
Stuxnet, Sality, Gauss, Flame still infecting your unpatched boxen
Nearly 20 million computers remain infected with malware targeting a vulnerability first targeted four years ago by the Stuxnet worm. The flaw (CVE-2010-2568) was a Windows operating system bug in the way shortcuts worked allowing quiet download of the random dynamic library on Win Server 2003 and XP through to version 7. Since July 2010 it has continued to power the Sality worm, and fueled Stuxnet and its derivatives Flame and Gauss on unpatched machines. The Red October malware emerged in Janu...