CVE-2013-0002

Published

9 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

High

Impact Analysis

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability.".

CVSSv2.0 Score

Severity: High
Base Score: 9.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete

Products Affected

CPE	Affected	Excluding
cpe:2.3:a:microsoft:.net_framework:1.0:sp3::::::	Yes	-
cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:::::*	No	-
cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:::::*	No	-
cpe:2.3:a:microsoft:.net_framework:1.1:sp1::::::	Yes	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::	No	-
cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::*:	No	-
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_xp::sp3::::::*	No	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	No	-
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	No	-
cpe:2.3:a:microsoft:.net_framework:2.0:sp2::::::	Yes	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::	No	-
cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::*:	No	-
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_xp::sp3::::::*	No	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	No	-
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	No	-
cpe:2.3:a:microsoft:.net_framework:4.0:::::::*	Yes	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::	No	-
cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::*:	No	-
cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:::::::*	No	-
cpe:2.3:o:microsoft:windows_xp::sp3::::::*	No	-
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_server_2008::r2:itanium::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	No	-
cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	No	-
cpe:2.3:a:microsoft:.net_framework:3.5:::::::*	Yes	-
cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*	No	-
cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	No	-
cpe:2.3:a:microsoft:.net_framework:3.5.1:::::::*	Yes	-
cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:::::::*	No	-
cpe:2.3:o:microsoft:windows_server_2008::r2:itanium::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*	No	-
cpe:2.3:a:microsoft:.net_framework:4.5:::::::*	Yes	-
cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	No	-
cpe:2.3:o:microsoft:windows_rt:-:::::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*	No	-
cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*	No	-
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	No	-
cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*	No	-
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	No	-

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni can help you to find, assess and manage your vulnerabilities.

Get Started for Free

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Supported by industry-leading vulnerability intelligence and CompTIA PenTest+ professionals, Mageni puts security expertise in your hands.

Internal and External Scans

Scan your internal and public assets for vulnerabilities.

Remediate

Get the recommendations to mitigate the risks and vulnerabilities.

Secure your Applications

Scan third-party applications like Java, Chrome, Adobe and more.

Comprehensive Coverage

Scan servers, workstations and network devices for vulnerabilities.

Report and Analyze

Receive a report of the vulnerabilities that affect your assets.

More visibility

Perform non-credentialed or credentialed scans.

Prioritize

Prioritize the vulnerabilities based on CVSS, severity and other variables.

SSL Certificates

Improve the security of your secure layer and certificates.

CVE-2013-0002

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial

Product

Customer Service

Company

Compliance

CVE-2013-0002

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial