Vulnerabilities > CVE-2011-1845 - Resource Management Errors vulnerability in Microsoft Silverlight

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

microsoft

CWE-399

nessus

NVD

Published: 2011-05-03

Updated: 2011-07-14

Summary

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Silverlight 2.0.31005.00 Microsoft Silverlight 2.0.40115.00 Microsoft Silverlight 3.0.40624.00 Microsoft Silverlight 3.0.40723.0 Microsoft Silverlight 3.0.40818.0 Microsoft Silverlight 3.0.50106.0 Microsoft Silverlight 4.0.50401.0 Microsoft Silverlight 4.0.50524.00 Microsoft Silverlight 4.0.50826.0 Microsoft Silverlight 4.0.50917.0 Microsoft Silverlight 4.0.51204.0 Microsoft Silverlight 4.0.60129.0	12

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Windows
NASL id	SMB_KB2526954.NASL
description	The remote Windows host is running a version of Microsoft Silverlight that is affected by multiple vulnerabilities : - A memory leak exists relating to a popup control and a custom
last seen	2020-06-01
modified	2020-06-02
plugin id	53830
published	2011-05-06
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/53830
title	MS KB2526954: Microsoft Silverlight 4.0 < 4.0.60310 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References