CVE-2010-0019 — Code Injection in Microsoft Silverlight

CWE-94 — Code Injection CWE-401 — Missing Release of Memory after Effective Lifetime CWE-228 — Improper Handling of Syntactically Invalid Structure CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

9.3CRITICALNVD

EPSS

21.6%

top 4.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Silverlight

Timeline

PublishedAug 11

Latest updateMay 2

Description

Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/silverlight3.0.40818.0+4

🔴Vulnerability Details

GHSA

GHSA-7xgr-cxmr-5q3f: Microsoft Silverlight 3 before 3↗2022-05-02

▶

CVEList

CVE-2010-0019: Microsoft Silverlight 3 before 3↗2010-08-11

▶

📋Vendor Advisories

Red Hat

Server: Multiple memory leaks in the normalization functionality↗2010-12-16

▶

Red Hat

kernel: ipv6_hop_jumbo remote system crash↗2007-09-07

▶

💬Community

Bugzilla

CVE-2010-4746 Directory Server: Multiple memory leaks in the normalization functionality↗2011-02-24

▶

Bugzilla

CVE-2009-4538 kernel: e1000e frame fragment issue↗2009-12-29

▶