Rapid7 Vulnerability & Exploit Database

MS14-014: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) [Silverlight for Mac]

Back to Search

MS14-014: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) [Silverlight for Mac]

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
03/11/2014
Created
07/25/2018
Added
03/11/2014
Modified
12/08/2015

Description

This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

Solution(s)

  • silverlight-for-mac-upgrade-5_1_30214_0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;