(MS14-014) Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
Publish Date: 12 mars 2014
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2014-0319
Date du conseil: 12 mars 2014
Description
This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Solutions
Affected software and version:
- Microsoft Silverlight 5 Developer Runtime when installed on Mac
- Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows clients
- Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows servers
- Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows servers
- Microsoft Silverlight 5 when installed on Mac
- Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows clients