MS12-034 - Silverlight Hebrew Unicode Engine Glyph Rendering Heap Double Free
A string in XAML containing 33 Hebrew Unicode Glyphs of certain Unicode values (0×0591 – 0×05AF) causes a double free to occur in the Silverlight engine.
- Package Name
- Silverlight agcore.dll
- Date
- 2012-05-28
- Affected Versions
- Silverlight 4, Silverlight 5
- Author
- Alex Plaskett
- Severity
- High
- Vulnerability Class
- Remote Code Execution – Heap Memory Corruption
- Vendor
- Microsoft
- Vendor Response
- http://technet.microsoft.com/en-us/security/bulletin/ms12-034
Impact
The heap memory corruption could potentially be used by an attacker to execute arbitrary code on vulnerable instances of Silverlight. The vulnerability could be used to break out of the .NET sandbox to achieve native code execution. This vulnerability can be triggered remotely through a web browser through use of a specially crafted web page.
Cause
The vulnerability is caused by Microsoft Silverlight incorrectly freeing memory when rendering specially crafted XAML glyphs. (For example: Unicode Glyph characters for the Hebrew accent and point character set).
Interim Workaround
In order to mitigate this vulnerability from exploitation remotely through the browser Silverlight can be disabled. However, applications which make use of Silverlight will still be vulnerable. Full remediation requires the application of MS12-034 patch available through Windows Updates.
Solution
Microsoft patch MS12-034 was issued to address this issue.