MS12-034 - Silverlight Hebrew Unicode Engine Glyph Rendering Heap Double Free

  • Published: 29 May 2012

Type

  • MS12-034 - Silverlight Hebrew Unicode Engine Glyph Rendering Heap Double Free

Severity

  • High

Affected products

  • Silverlight agcore.dll

Affected Versions

  • Silverlight 4, Silverlight 5

Vendor

  • Microsoft

Vendor Response

Vulnerability Class

  • Remote Code Execution – Heap Memory Corruption

Author

  • Alex Plaskett

Date

  • 2012-05-28

CVE Reference

  • N/A

A string in XAML containing 33 Hebrew Unicode Glyphs of certain Unicode values (0x0591 – 0x05AF) causes a double free to occur in the Silverlight engine.

Impact

The heap memory corruption could potentially be used by an attacker to execute arbitrary code on vulnerable instances of Silverlight. The vulnerability could be used to break out of the .NET sandbox to achieve native code execution. It can be triggered remotely through a web browser by means of a specially crafted web page.

Cause

The vulnerability is caused by Microsoft Silverlight incorrectly freeing memory when rendering specially crafted XAML glyphs (for example, Unicode glyph characters for the Hebrew accent and point character set).
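A content filter or triage script can flag XAML whose strings match the condition described in this advisory. The Python below is an added example, not code from the advisory's author or from Microsoft; treating the count of 33 as a per-string threshold, the function names and the sample XAML are assumptions.

```python
import xml.etree.ElementTree as ET

# Range and count come from the advisory text; treating the count as a
# per-string threshold is an assumption of this example.
RANGE_LO, RANGE_HI = 0x0591, 0x05AF
THRESHOLD = 33

def count_marks(text):
    """Count code points in U+0591..U+05AF in an already-decoded string."""
    return sum(RANGE_LO <= ord(ch) <= RANGE_HI for ch in (text or ""))

def scan_xaml(xaml, threshold=THRESHOLD):
    """Return (element, field, count) for every string at or over threshold.

    Parsing as XML means numeric character references such as &#x0591;
    are decoded before counting, so entity-encoded marks are not missed.
    """
    if "<!DOCTYPE" in xaml:
        # XAML has no use for a DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in scanned XAML")
    findings = []
    for elem in ET.fromstring(xaml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        fields = [("#text", elem.text), ("#tail", elem.tail)]
        fields += list(elem.attrib.items())
        for name, value in fields:
            n = count_marks(value)
            if n >= threshold:
                findings.append((tag, name, n))
    return findings

# Constructed sample: one attribute carries three marks written as
# character references, the other carries Hebrew letters with no marks.
SAMPLE = (
    '<Canvas xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation">'
    '<TextBlock Text="&#x05D0;&#x0591;&#x0596;&#x05AF;"/>'
    '<TextBlock Text="&#x05E9;&#x05DC;&#x05D5;&#x05DD;"/>'
    '</Canvas>'
)

if __name__ == "__main__":
    # Lowered threshold so the short constructed sample produces a finding.
    print(scan_xaml(SAMPLE, threshold=3))
    print(scan_xaml(SAMPLE))
```

Ordinary pointed Hebrew text rarely carries this many accent marks in one string, but the threshold is a heuristic and findings need review rather than automatic blocking.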

Interim Workaround

To mitigate remote exploitation of this vulnerability through the browser, Silverlight can be disabled. However, applications which make use of Silverlight will still be vulnerable. Full remediation requires applying the MS12-034 patch, available through Windows Update.

Solution

Microsoft patch MS12-034 was issued to address this issue.