Vigil@nce - Silverlight: privilege escalation
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to execute a Silverlight
application, in order to escalate his privileges.
Impacted products: Silverlight
Severity: 2/4
Creation date: 12/05/2015
DESCRIPTION OF THE VULNERABILITY
The Silverlight product is used to execute applications, in the
browser, or locally.
However, when an application is directly executed, it can escape
from its sandbox.
An attacker can therefore invite the victim to execute a
Silverlight application, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Silverlight-privilege-escalation-16890