The 2016 Pwnie Nominee For Best Client-Side Bug

MS16-006 Silverlight BinaryReader Out-Of-Bounds Write RCE (CVE-2016-0034)

Credit: Unknown

It’s been a rough couple of years for Hacking Team. If getting pwned, doxxed, and a bunch of their exploits burned wasn’t enough, Kaspersky kept it going by trying to hunt down whatever exploits they may still have. Kaspersky wrote some special detections based on unique strings from Silverlight exploits that Vitaliy Toropov had previously submitted to the Packet Storm Bug Bounty program and waited for them to alert. On November 25th 2015, they detected an alert from one of their special detections and discovered that it was indeed a new zero-day exploit. And what a nice exploit that it was too! The bug is analyzed in Kaspersky’s blog post and is well worth a read.

MS16-006 Silverlight BinaryReader Out-Of-Bounds Write RCEĀ 

(CVE-2016-0034)