CVE-2011-1845

Description

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.

Affected products

• Microsoft / silverlight4.0.60129.0
• Microsoft / silverlight2.0.31005.00 – 2.0.31005.00
• Microsoft / silverlight2.0.40115.00 – 2.0.40115.00
• Microsoft / silverlight3.0.40624.00 – 3.0.40624.00
• Microsoft / silverlight3.0.40723.0 – 3.0.40723.0
• Microsoft / silverlight3.0.40818.0 – 3.0.40818.0
• Microsoft / silverlight3.0.50106.0 – 3.0.50106.0

References

• MISChttp://isc.sans.edu/diary.html?storyid=10747
• MISChttp://support.microsoft.com/kb/2526954