CVE-2013-0002
Microsoft .NET Framework Remote Code Execution via WinForms Memory Copy
Title source: llmDescription
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
Scores
EPSS
0.2512
EPSS Percentile
97.7%
Details
CWE
CWE-119
Status
published
Products (7)
microsoft/.net_framework
1.0 sp3
microsoft/.net_framework
1.1 sp1
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
4.0
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.5
Published
Jan 09, 2013
Tracked Since
Feb 18, 2026