Immunity, Inc.
Name ms16_006_silverlight
CVE CVE-2016-0034
Exploit Pack CANVAS
Description: ms16_006_silverlight
Notes: CVE Name: CVE-2016-0034
VENDOR: Microsoft
Notes:

This module exploits the mishandling of a negative offset during decoding. A
negative offset allows controlled data to be written at positions before the
start of the destination buffer. The module uses this to corrupt an array's
length field, which yields an arbitrary memory read/write primitive.

The class responsible for returning the negative offset is a custom one derived
from Decoder. The vulnerable code is reached by calling the Read method of a
BinaryReader object.
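The mechanism described above, as an added illustration that is not part of the CANVAS module nor of Silverlight's own code: a simplified C model of a BinaryReader-style read loop that trusts the character count returned by a custom decoder. A decoder that reports a negative count moves the write position in front of the buffer, where the array's length field lives, so the next decoded characters overwrite that length; the hardened variant rejects negative or oversized counts before using them. The struct layout, the decoder callback signature and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of a managed char[] (assumed layout for this illustration):
 * the length field sits directly in front of the element storage. */
typedef struct {
    int32_t  length;   /* trusted by every later bounds check */
    uint16_t data[8];  /* the characters themselves */
} managed_array_t;

/* Model of a Decoder.GetChars-style callback (assumed signature): consume
 * 'in', write at most 'room' chars to 'out', return the number written.
 * A custom decoder can return anything, including a negative count. */
typedef int (*decode_fn)(void *state, const uint8_t *in, size_t in_len,
                         uint16_t *out, int room);

/* Store 'count' chars at element index 'pos', computed as a byte offset from
 * the object base so a negative 'pos' lands in this object's own header. */
static void store_chars(managed_array_t *arr, int pos,
                        const uint16_t *src, int count)
{
    ptrdiff_t off = (ptrdiff_t)offsetof(managed_array_t, data)
                  + (ptrdiff_t)pos * (ptrdiff_t)sizeof(uint16_t);
    memcpy((uint8_t *)arr + off, src, (size_t)count * sizeof(uint16_t));
}

/* Well-behaved decoder: one Latin-1 byte in, one char out. */
static int latin1_decoder(void *state, const uint8_t *in, size_t in_len,
                          uint16_t *out, int room)
{
    (void)state;
    if (in_len == 0 || room < 1) return 0;
    out[0] = in[0];
    return 1;
}

/* Malicious decoder: the first call claims it wrote -2 chars; later calls
 * each emit one controlled char, which now lands in the length field. */
typedef struct { int call; } evil_state_t;

static int evil_decoder(void *state, const uint8_t *in, size_t in_len,
                        uint16_t *out, int room)
{
    evil_state_t *s = state;
    (void)in; (void)in_len; (void)room;
    if (s->call++ == 0) return -2;
    out[0] = 0x4141;
    return 1;
}

/* Vulnerable reader: adds the decoder's count to the position without
 * checking its sign, the mishandling the advisory describes. */
int vulnerable_read(managed_array_t *arr, decode_fn dec, void *state,
                    const uint8_t *in, size_t in_len)
{
    uint16_t tmp[8];
    int pos = 0;
    for (size_t i = 0; i < in_len; i++) {
        int n = dec(state, in + i, 1, tmp, 8);
        if (n > 0) store_chars(arr, pos, tmp, n);  /* pos may be negative */
        pos += n;                                  /* BUG: negative n accepted */
    }
    return pos;
}

/* Hardened reader: a negative count, or one exceeding the remaining room,
 * aborts the read before anything is stored. */
int hardened_read(managed_array_t *arr, decode_fn dec, void *state,
                  const uint8_t *in, size_t in_len)
{
    uint16_t tmp[8];
    int pos = 0;
    for (size_t i = 0; i < in_len; i++) {
        int room = arr->length - pos;
        int n = dec(state, in + i, 1, tmp, room > 8 ? 8 : room);
        if (n < 0 || n > room) return -1;
        store_chars(arr, pos, tmp, n);
        pos += n;
    }
    return pos;
}

/* Run three constructed input bytes through 'reader' with the malicious
 * decoder; returns the array length afterwards, reader's result in *rc. */
int run_evil(int (*reader)(managed_array_t *, decode_fn, void *,
                           const uint8_t *, size_t), int *rc)
{
    managed_array_t arr = { 8, { 0 } };
    evil_state_t st = { 0 };
    const uint8_t input[3] = { 0, 0, 0 };  /* constructed; ignored by evil_decoder */
    *rc = reader(&arr, evil_decoder, &st, input, sizeof input);
    return arr.length;
}

/* Hardened reader with the honest decoder on constructed input "abc". */
int run_honest(void)
{
    managed_array_t arr = { 8, { 0 } };
    const uint8_t input[3] = { 'a', 'b', 'c' };
    int rc = hardened_read(&arr, latin1_decoder, NULL, input, sizeof input);
    return (arr.data[2] == 'c') ? rc : -1;
}

int main(void)
{
    int rc, len;
    len = run_evil(vulnerable_read, &rc);
    printf("vulnerable: length=0x%x rc=%d\n", (unsigned)len, rc);
    len = run_evil(hardened_read, &rc);
    printf("hardened:   length=0x%x rc=%d honest=%d\n", (unsigned)len, rc, run_honest());
    return 0;
}
```

The vulnerable path ends with the 8-element array claiming a length of 0x41414141, which is exactly the corrupted-length state the module relies on for its read/write primitive; the hardened path leaves the length at 8 and still decodes honest input correctly.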

Tested on:
Windows 7 Ultimate SP1 x32 with IE11 32 bits (Silverlight 5.1.30514.0 32-bit)
Windows 7 Professional SP1 x64 with IE11 64 bits (Silverlight 5.1.30514.0 64-bit)

Notes:
The browser may display a message informing the user that a newer version of
Silverlight is available; in that case the user must press the "Run this time"
button for the exploit to execute.

When targeting a 64-bit browser, first create a new 'WIN64 MOSDEF INTEL'
listener on port 5555.

VersionsAffected: Versions prior to 5.1.41212.0 are affected
References: ['https://technet.microsoft.com/en-us/library/security/ms16-006.aspx']
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0034
Date public: 01/12/2016

Learn more about the CANVAS Exploit Pack here: CANVAS