CVE-2013-0002

Microsoft .NET Framework Remote Code Execution via WinForms Memory Copy

Title source: llm
STIX 2.1

Description

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343

Scores

EPSS 0.2512
EPSS Percentile 97.7%

Details

CWE
CWE-119
Status published
Products (7)
microsoft/.net_framework 1.0 sp3
microsoft/.net_framework 1.1 sp1
microsoft/.net_framework 2.0 sp2
microsoft/.net_framework 4.0
microsoft/.net_framework 3.5
microsoft/.net_framework 3.5.1
microsoft/.net_framework 4.5
Published Jan 09, 2013
Tracked Since Feb 18, 2026