CVE Database · CVE-2016-3367
CVSS v3.1
N/A
EPSS
17.79%
Published
Sep 14, 2016
Modified
May 6, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
Weaknesses (CWE)
Affected Products (1)
References (6)
