Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 14
ASLR bypass in Microsoft Office
CVE-2013-5057
ASLR bypass
The vulnerability allows a remote attacker to bypass certain security restrictions.The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) within HXDS Office shared component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and bypass the ASLR security feature.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Microsoft Office
Signature validation bypass in Microsoft Windows
CVE-2013-3900
Sugnature verification bypass
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to improper validation of PE file digests during Authenticode signature verification within WinVerifyTrust function. A remote attacker can create specially crafted signed PE file, trick the victim into executing it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Windows
Links:
https://blogs.technet.microsoft.com/srd/2013/12/10/ms13-098-update-to-enhance-the-security-of-authen...
https://technet.microsoft.com/en-us/library/security/ms13-098.aspx
https://www.symantec.com/security_response/vulnerability.jsp?bid=64079
http://blog.talosintel.com/2013/12/microsoft-update-tuesday-december-2013.html
http://blog.trendmicro.com/trendlabs-security-intelligence/december-patch-tuesday-addresses-tiff-vul...
http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
https://www.corero.com/resources/files/security_advisories/advisory_CNS_IPS_Microsoft_nVerifyTrust_C...
https://www.symantec.com/connect/blogs/microsoft-patch-tuesday-december-2013
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000559.aspx
Information disclosure in Microsoft Office
CVE-2013-5054
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to an error in handling of a specially crafted response when opening a malicious Office file. A remote attacker can create a specially crafted file using, host it on remote website, trick the victim into opening it and gain access to tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by the Adallom company and the attack was dubbed "Ice Dagger". The attackers used the vulnerability to steal Microsoft Office 365 authentication token. The victim of the unnamed company received an email with a link to attachment, located on a hidden server within TOR network. The vulnerability was reported to Microsoft in late May 2013.
Software: Microsoft Office
Links:
https://technet.microsoft.com/en-us/library/security/ms13-104.aspx
https://www.symantec.com/security_response/vulnerability.jsp?bid=64092
http://blog.talosintel.com/2013/12/microsoft-update-tuesday-december-2013.html
https://www.scmagazine.com/patch-tuesday-update-addresses-24-bugs-including-exploited-tiff-zero-day/...
http://news.softpedia.com/news/Newly-Patched-Office-365-Vulnerability-Used-in-Ice-Dagger-Targeted-At...
http://it.toolbox.com/blogs/securitymonkey/flaw-in-microsoft-office-365-allows-perfect-crime-58421
Privilege escalation in Microsoft Windows
CVE-2013-5065
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system.The weakness exists due to improper validation of input by the NDProxy.sys kernel component. A local attacker with valid login credentials can use a malicious application to gain kernel privileges and execute arbitrary code on the system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the Reader sandbox.
Kaspersky Lab revealed the vulnerability was used in Epic Turla (cyber-espionage campaigns).
Software: Windows
Known/fameous malware:
PDF:Exploit.CVE-2013-5065.A
Gen:Trojan.Heur.FU.ku3@aSHWAmji
Kaspersky Lab revealed the vulnerability was used in Epic Turla (cyber-espionage campaigns).
Links:
https://www.fireeye.com/blog/threat-research/2013/12/cve-2013-33465065-technical-analysis.html
https://www.fireeye.com/blog/threat-research/2013/11/ms-windows-local-privilege-escalation-zero-day-...
https://technet.microsoft.com/en-us/library/security/2914486.aspx
https://blogs.technet.microsoft.com/msrc/2013/11/27/microsoft-releases-security-advisory-2914486/
https://www.offensive-security.com/vulndev/ndproxy-local-system-exploit-cve-2013-5065/
https://www.trustwave.com/Resources/SpiderLabs-Blog/The-Kernel-is-calling-a-zero(day)-pointer-%E2%80...
https://penturalabs.wordpress.com/2013/12/11/ndproxy-privilege-escalation-cve-2013-5065/
http://securityaffairs.co/wordpress/20092/hacking/windows-xp-zero-day.html
https://labs.portcullis.co.uk/blog/cve-2013-5065-ndproxy-array-indexing-error-unpatched-vulnerabilit...
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attac...
https://www.scmagazine.com/windows-xp-zero-day-under-active-attack/article/543166/
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
https://securingtomorrow.mcafee.com/mcafee-labs/product-coverage-and-mitigation-for-cve-2013-5065/
Remote code execution in Microsoft Windows
CVE-2013-3918
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to out-of-bounds memory access within InformationCardSigninHelper Class ActiveX control (icardie.dll). A remote attacker can create specially crafted Web page that passes an overly long string argument to vulnerable ActiveX component, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerabilty was introduced on 07.27.2005, but publically disclosed later by Xiaobo Chen and Dan Caselden of FireEye.
The vulnerability has been exploited by the APTgroup behind the 2009 Aurora attack. The exploit uses a technique ROP (return-oriented-programming). According to FireEye, the attack has a link to the infrastructure used in Operation DeputyDog and Operation Ephemeral Hydra, which began in August and targeted organizations in Japan.
Software: InformationCardSigninHelper Class ActiveX control
The vulnerability has been exploited by the APTgroup behind the 2009 Aurora attack. The exploit uses a technique ROP (return-oriented-programming). According to FireEye, the attack has a link to the infrastructure used in Operation DeputyDog and Operation Ephemeral Hydra, which began in August and targeted organizations in Japan.
Links:
https://technet.microsoft.com/en-us/library/security/ms13-090.aspx
https://www.fireeye.com/blog/threat-research/2013/11/new-ie-zero-day-found-in-watering-hole-attack.h...
https://blogs.technet.microsoft.com/msrc/2013/11/11/activex-control-issue-being-addressed-in-update-...
https://blogs.technet.microsoft.com/srd/2013/11/12/technical-details-of-the-targeted-attack-using-ie...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27146
http://eromang.zataz.com/2015/12/23/cve-2013-3918-cardspaceclaimcollection-activex-integer-underflow...
http://www.darkreading.com/new-ie-vulnerability-found-in-the-wild-sophisticated-web-exploit-follows/...?
http://www.securityweek.com/microsoft-patches-vulnerability-attackers-used-target-ie-users
https://blog.threattrack.com/a-look-inside-a-cve-2013-3918-exploit/
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
http://www.zdnet.com/article/ie-zero-day-used-by-cyber-arms-dealers-and-chinese-hackers/
https://support.ixiacom.com/about-us/news-events/corporate-blog/completing-deputydog-apt
http://www.darkreading.com/vulnerabilities---threats/fireeye-releases-2013-lab-performance-stats/d/d...
Remote code execution in Microsoft Graphics Component
CVE-2013-3906
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious images. A remote attacker can create specially crafted TIFF image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The meta date of the files were set to October 17, 2013, which may suggest a creation time of this exploit.
Attacks leveraging this zero-day exploit revealed that the Hangover group, believed to operate from India, has compromised 78 computers, 47 percent of those in Pakistan. The attacks observed are very limited and carefully carried out against selected computers, largely in the Middle East and South Asia.
Software: Microsoft Office
Attacks leveraging this zero-day exploit revealed that the Hangover group, believed to operate from India, has compromised 78 computers, 47 percent of those in Pakistan. The attacks observed are very limited and carefully carried out against selected computers, largely in the Middle East and South Asia.
Links:
https://technet.microsoft.com/en-us/library/security/2896666.aspx
https://technet.microsoft.com/en-us/library/security/ms13-096
https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-micro...
https://securingtomorrow.mcafee.com/business/security-connected/updates-and-mitigation-to-cve-2013-3...
https://blogs.technet.microsoft.com/srd/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-...
https://www.fireeye.com/blog/threat-research/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both...
https://www.crowdstrike.com/blog/analysis-cve-2013-3906-exploit/
http://www.primalsecurity.net/analysis-of-malicious-document-using-cve-2013-3906/
http://blog.trendmicro.com/trendlabs-security-intelligence/how-to-avoid-the-latest-microsoft-office-...
http://securityaffairs.co/wordpress/19460/hacking/microsoft-cve-2013-3906-zero-day.html
https://www.symantec.com/connect/forums/if-sep-daily-definition-covers-exploit-cve-2013-3906
Remote code execution in Microsoft Internet Explorer
CVE-2013-3897
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to user-after-free vulnerability in the CDisplayPointer object. A remote attacker can create a specially crafted Web page containing, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Used in Pawn Storm campaign.
A zero-day was used in highly targeted, low-volume attacks in Korea,
Hong Kong, and the United States, as early as September 18th, 2013.
Software: Microsoft Internet Explorer
A zero-day was used in highly targeted, low-volume attacks in Korea, Hong Kong, and the United States, as early as September 18th, 2013.
Links:
https://technet.microsoft.com/en-us/library/security/ms13-080.aspx
https://blogs.technet.microsoft.com/srd/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limi... https://technet.microsoft.com/library/security/ms13-080 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-pawn-storm-fast-facts
https://blogs.forcepoint.com/security-labs/zero-day-attack-internet-explorer-cve-2013-3897-goes-high...
http://blog.talosintel.com/2013/10/ie-zero-day-cve-2013-3897-youve-been.html
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=607
https://www.symantec.com/security_response/vulnerability.jsp?bid=62811
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27102
https://media.paloaltonetworks.com/lp/endpoint-security/blog/cve-2013-3897-analysis-of-yet-another-i...
http://eromang.zataz.com/2015/12/23/cve-2013-3897-microsoft-internet-explorer-cdisplaypointer-use-af...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/MS13_080_CDISPLAYPOINTER
https://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-targeted-attacks-against-korea...
http://www.benhayak.com/2013_11_01_archive.html
https://www.trustwave.com/Resources/SpiderLabs-Blog/The-Technical-Aspects-of-Exploiting-IE-Zero-Day-...
https://krebsonsecurity.com/2013/10/adobe-microsoft-push-critical-security-fixes-3/#more-23010
Remote code execution in Microsoft Internet Explorer
CVE-2013-3893
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in SetMouseCapture implementation. A remote attacker can create specially crafted JavaScript, place it on a Web page, trick the victim into visiting it using Internet Explorer, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability used ROP-chain technique and was exploited in Campaign Operation DeputyDog.
The vulnerability was initially found in the wild in Japan, but other regions such as English, Chinese, Korean, etc, were targeted as well.
Software: Microsoft Internet Explorer
The vulnerability was initially found in the wild in Japan, but other regions such as English, Chinese, Korean, etc, were targeted as well.
Links:
https://technet.microsoft.com/en-us/library/security/2887505
https://technet.microsoft.com/en-us/library/security/ms13-080
https://blogs.technet.microsoft.com/srd/2013/09/17/cve-2013-3893-fix-it-workaround-available/
https://blogs.technet.microsoft.com/srd/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limi...
https://nakedsecurity.sophos.com/2013/10/11/anatomy-of-an-exploit-ie-zero-day-part-1/
https://nakedsecurity.sophos.com/2013/10/25/anatomy-of-an-exploit-inside-the-cve-2013-3893-internet-...
https://www.f-secure.com/en/web/labs_global/cve-2013-3893
https://community.rapid7.com/community/metasploit/blog/2013/09/30/metasploit-releases-cve-2013-3893-...
https://www.symantec.com/security_response/vulnerability.jsp?bid=62453
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=70073
http://eromang.zataz.com/2015/12/22/cve-2013-3893-microsoft-internet-explorer-setmousecapture-uaf/
https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-part-2-zero-day-exploit-ana...
https://sgros-students.blogspot.com/2014/01/exploiting-and-analysing-cve-2013-3893.html
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/product-coverage-and-mitigation...
https://securityintelligence.com/trusteers-exploit-prevention-stops-attacks-targeting-new-ie-zero-da...
https://media.paloaltonetworks.com/lp/endpoint-security/blog/cve-2013-3893-analysis-of-the-new-ie-0-...
http://tipstrickshack.blogspot.com/2013/10/exploit-for-all-ie-versioncve-2013-3893.html
Remote code execution in Microsoft Internet Explorer
CVE-2013-3163
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in CBlockContainerBlock. A remote attacker can create specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability reffers to "Waterring hole attack".
Software: Microsoft Internet Explorer
Links:
https://h41382.www4.hpe.com/gfs-shared/downloads-226.pdf
https://technet.microsoft.com/en-us/library/security/ms13-055.aspx
https://www.fireeye.com/blog/threat-research/2013/10/aslr-bypass-apocalypse-in-lately-zero-day-explo...
https://www.symantec.com/security_response/vulnerability.jsp?bid=60975
http://www.zdnet.com/article/microsoft-admits-internet-explorer-flaw-targeted-by-hackers/
https://securingtomorrow.mcafee.com/mcafee-labs/new-zero-day-attack-copies-earlier-flash-exploitatio...
http://www.computerworld.com/article/2483926/microsoft-windows/targeted-attacks-exploit-now-patched-...
https://media.paloaltonetworks.com/lp/endpoint-security/blog/cve-2013-3163-internet-explorer-vulnera...
https://blogs.technet.microsoft.com/srd/2013/07/10/running-in-the-wild-not-for-so-long/
Remote code execution in Microsoft Office
CVE-2013-1331
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when processing malicious PNG files. A remote attacker can create specially crafted file, trick the victim into opening it using an affected version of Microsoft Office, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Andrew Lyons and Neel Mehta of Google Inc.
Using the samples provided by Microsoft, Romang scoured Google’s cache and found the earliest document that attempted to fetch the exploit dated from February, 2013. The document referenced territory disputes between China and the Philippines.
However, Romang uncovered another Word document created in 2009 that, according to Google’s Virus Total service, would also exploit the flaw Microsoft patched. The file’s title “The corruption of Mahathir†referred to a Malaysian politician, fitting Microsoft’s list of possible targets. Both documents to a Bridging Links URL.
The vulnerability might have been spotted in the wild, with campaigns starting as early as 2009. Microsoft believe attacks were limited to Indonesia and Malaysia.
Software: Microsoft Office
Known/fameous malware:
Trojan.Mdropper.
Using the samples provided by Microsoft, Romang scoured Google’s cache and found the earliest document that attempted to fetch the exploit dated from February, 2013. The document referenced territory disputes between China and the Philippines.
However, Romang uncovered another Word document created in 2009 that, according to Google’s Virus Total service, would also exploit the flaw Microsoft patched. The file’s title “The corruption of Mahathir†referred to a Malaysian politician, fitting Microsoft’s list of possible targets. Both documents to a Bridging Links URL.
The vulnerability might have been spotted in the wild, with campaigns starting as early as 2009. Microsoft believe attacks were limited to Indonesia and Malaysia.
Links:
https://technet.microsoft.com/en-us/library/security/ms13-051.aspx
https://www.symantec.com/security_response/vulnerability.jsp?bid=60408
https://www.symantec.com/connect/blogs/microsoft-office-cve-2013-1331-coverage
https://media.paloaltonetworks.com/lp/endpoint-security/blog/cve-2013-1331-a-zero-day-disclosed.html
http://eromang.zataz.com/2013/06/13/ms13-051-cve-2013-1331-what-we-know-about-microsoft-office-zero-...
https://threatpost.com/important-office-2003-zero-day-deserves-second-look/100990/
https://blogs.technet.microsoft.com/srd/2013/06/11/ms13-051-get-out-of-my-office/
http://dataprotectioncenter.com/general/microsoft-office-cve-2013-1331-coverage/
http://blog.trendmicro.com/trendlabs-security-intelligence/light-june-2013-patch-tuesday-is-no-reaso...
Privilege escalation in Microsoft Windows
CVE-2013-3660
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system.The weakness exists due to the failure to properly initialize a pointer for the next object in a certain list by the EPATHOBJ::pprFlattenRec function within kernel-mode driver (win32k.sys). A local attacker can use multiple FlattenPath function calls to obtain write access to the PATHRECORD chain and execute arbitrary code on the system with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Tavis Ormandy, a Google security engineer, reported a critical bug to Microsoft only five days before going public.
The vulnerability has being used by Carbanak group.
Software: Windows
Known/fameous malware:
Cidox/Rovnix Bootkit
PowerLoader
The vulnerability has being used by Carbanak group.
Remote code execution in Microsoft Internet Explorer
CVE-2013-1347
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in the CGenericElement object. A remote attacker can create specially crafted Web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability has been exploited in watering hole attack against Department of Labor (DoL). Used in Pawn Storm campaign.
Software: Microsoft Internet Explorer
Links:
https://www.fireeye.com/blog/threat-research/2013/05/ie-zero-day-is-used-in-dol-watering-hole-attack...
https://technet.microsoft.com/en-us/library/security/2847140.aspx
https://technet.microsoft.com/en-us/library/security/ms13-may.aspx
https://technet.microsoft.com/en-us/library/security/ms13-038
https://nakedsecurity.sophos.com/2013/05/09/microsoft-rushes-out-cve-2013-1347-fix-it-for-the-latest...
https://securityintelligence.com/cve-2013-1347-microsoft-internet-explorer-cgenericelement-object-us...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26721
http://stopmalvertising.com/malware-reports/cve-2013-1347-new-internet-explorer-8-0-day-used-in-wate...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/IE_CGENERICELEMENT_UAF
https://krebsonsecurity.com/2013/05/zero-day-exploit-published-for-ie8/
https://blogs.forcepoint.com/security-labs/internet-explorer-zero-day-vulnerability-cve-2013-1347-up...
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000479.aspx
https://blog.qualys.com/laws-of-vulnerabilities/2013/05/04/new-0-day-in-microsoft-internet-explorer-...
https://www.threatconnect.com/blog/threatconnect-gets-root-targeted-exploitation-campaigns/
Cross-site scripting in Microsoft SharePoint Server
CVE-2013-1289
Cross-site scripting
The vulnerability allows a remote attacker to obtain elevated privileges on the target system.The weakness exists due to an error related to the way HTML strings are sanitized by HTML Sanitization components. A remote attacker can create a specially crafted URL, trick the victim into opening it, take actions on the targeted site or read restricted content and obtain sensitive information with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Microsoft SharePoint Server
Remote code execution in Microsoft Silverlight
CVE-2013-0074
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when rendering an HTML object. A remote attacker can create a specially crafted Web site containing a malicious Silverlight applicationt, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Microsoft Silverlight
Known/fameous malware:
Exploit kits: Angler, Archie, Astrum, Fiesta, Hanjuan, Infinity (Exploit kit), Neutrino, Nuclear Pack, RIG.
Links:
https://technet.microsoft.com/en-us/library/security/ms13-022.aspx
https://www.zscaler.com/blogs/research/exploit-kits-anatomy-silverlight-exploit
https://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
https://www.symantec.com/security_response/vulnerability.jsp?bid=58327
http://journeyintoir.blogspot.com/2014/05/cve-2013-0074-3896-silverlight-exploit.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27612
http://www.vxsecurity.sg/2014/06/18/technical-tear-down-fiesta-exploit-kit-silverlight-exploit-cve-2...
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-a-silverlight-exploit/
https://blog.malwarebytes.com/threat-analysis/2014/05/malvertising-campaign-on-popular-site-leads-to...
http://blogs.cisco.com/security/angling-for-silverlight-exploits
https://www.scmagazine.com/more-exploits-including-silverlight-attack-packed-in-nuclear-kit/article/...
http://arstechnica.com/security/2014/05/move-over-java-drive-by-attacks-exploiting-microsoft-silverl...