Product Silverlight agcore.dll Severity High CVE Reference N/A Type MS12-034 - Silverlight Hebrew Unicode Engine Glyph Rendering Heap Double Free

A string in XAML containing 33 Hebrew Unicode Glyphs of certain Unicode values (0×0591 – 0×05AF) causes a double free to occur in the Silverlight engine.

Package Name Silverlight agcore.dll Date 2012-05-28 Affected Versions Silverlight 4, Silverlight 5 Author Alex Plaskett Severity High Vulnerability Class Remote Code Execution – Heap Memory Corruption Vendor Microsoft Vendor Response http://technet.microsoft.com/en-us/security/bulletin/ms12-034

Impact

The heap memory corruption could potentially be used by an attacker to execute arbitrary code on vulnerable instances of Silverlight. The vulnerability could be used to break out of the .NET sandbox to achieve native code execution. This vulnerability can be triggered remotely through a web browser through use of a specially crafted web page.

Cause

The vulnerability is caused by Microsoft Silverlight incorrectly freeing memory when rendering specially crafted XAML glyphs. (For example: Unicode Glyph characters for the Hebrew accent and point character set).

Interim Workaround

In order to mitigate this vulnerability from exploitation remotely through the browser Silverlight can be disabled. However, applications which make use of Silverlight will still be vulnerable. Full remediation requires the application of MS12-034 patch available through Windows Updates.

Solution

Microsoft patch MS12-034 was issued to address this issue.