CVE-2016-0034

Published: 13/01/2016 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Silverlight 5 prior to 5.1.41212.0 mishandles negative offsets during decoding, which allows remote malicious users to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."

Vulnerable Product

microsoft silverlight 5.0

Github Repositories

A not so awesome list of malware gems for aspiring malware analysts

malware-gems NOTE: WORK IN PROGRESS! (Updated 19 July 2022) What's this all about? This page contains a list of mostly malware analysis / reverse engineering related tools, training, podcasts, blog posts, literature and just about anything else closely related to the topic. This page serves as a catalog of sorts, containing "gems", some of which you may have stum

Recent Articles

Sundown exploit kit authors champions of copy-paste hacking
The Register • Darren Pauli • 05 Sep 2016

Pay peanuts, get monkeys.

Authors of the Sundown exploit kit have proven themselves masters of copy and paste, stealing exploits from rivals and borking encryption when they opt for originality. Exploit kits offer an arsenal of attacks to the unscrupulous and are popular because they offer many means to point malicious payloads at victim machines. Authors compete to build the most capable exploit kits by reverse-engineering patches to build in the latest exploits, by buying zero-day exploits on underground market or some...

IT threat evolution in Q1 2016
Securelist • Alexander Gostev, Roman Unuchek, Maria Garnaeva, Denis Makrushin, Anton Ivanov • 05 May 2016

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics. Ransomware became the main theme of the quarter after knocking targeted attacks from the top of the most po...

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads
The Register • Darren Pauli • 27 Apr 2016

There is no honour among content thieves

Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend. MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads. Magnitude is a hugely successful crimeware offering that allows ...

Debug code cracked case in hunt for mystery Silverlight zero day
The Register • Darren Pauli • 14 Jan 2016

Kaspersky reveals story behind nasty Patch Tuesday fix

Kaspersky has revealed how it tracked an exploit developer's debug signature over months to find and report to Microsoft a dangerous, then zero-day vulnerability in Silverlight that could have placed millions of users at risk of compromise. The Russian security outfit reported (CVE-2016-0034) the bug late last year which was crushed in this week's Patch Tuesday update. Kaspersky threat-throttlers Costin Raiu and Anton Ivanov write that the vulnerability was found after analysing leaked Hacking T...

The mysterious case of CVE-2016-0034: the hunt for a Microsoft Silverlight 0-day
Securelist • Costin Raiu, Anton Ivanov • 13 Jan 2016

Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...

Microsoft Security Updates January 2016
Securelist • Kurt Baumgartner • 12 Jan 2016

Happy New Year! Microsoft rings in the New Year with a new set of ten security bulletins MS16-001 through MS16-010, patching 24 CVE detailed vulnerabilities. These bulletins affect Microsoft web browsers and plugins, Office software, Windows system software, and Exchange mail servers. Six of them maintain a critical rating. The Critical bulletins affect the following software: Somewhat surprisingly with over twenty vulnerabilities, Microsoft claims to be unaware of public exploitation...