Vulnerability Name:

CVE-2010-0019 (CCN-55154)

Assigned:2009-12-14
Published:2010-08-10
Updated:2018-10-12
Summary:Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-0019

Source: CCN
Type: SA40872
Microsoft .NET Framework / Silverlight Code Execution Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS12-035
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Source: CCN
Type: Microsoft Security Bulletin MS10-060
Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Source: CCN
Type: Microsoft Security Bulletin MS11-044
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

Source: CCN
Type: Microsoft Security Bulletin MS11-078
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Source: CCN
Type: BID-42138
Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability

Source: CERT
Type: US Government Resource
TA10-222A

Source: MS
Type: UNKNOWN
MS10-060

Source: XF
Type: UNKNOWN
ms-silverlight-code-execution(55154)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:silverlight:*:*:*:*:*:*:*:* (Version <= 3.0.40818.0)
  • AND
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:silverlight:*:*:*:*:*:*:*:* (Version <= 3.0.50106.0)
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft silverlight 3.0.40624.00
    microsoft silverlight 3.0.40723.0
    microsoft silverlight *
    apple mac os x *
    microsoft silverlight 3.0.40624.00
    microsoft silverlight 3.0.40723.0
    microsoft silverlight 3.0.40818.0
    microsoft silverlight *
    microsoft windows *