CVE-2013-0001: Sensitive Information Exposure in Microsoft .NET Framework

Severity: 4.3 MEDIUM (NVD)
EPSS: 15.0% (top 5.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 9
Latest update: May 5

Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: microsoft/net_framework, 7 versions (+6)

🔴 Vulnerability Details (3)

GHSA
GHSA-2284-2gj7-8cqv: The Windows Forms (aka WinForms) component in Microsoft (2022-05-05)
Kernel
HID: ntrig: validate feature report details (2013-08-28)
CVEList
CVE-2013-0001: The Windows Forms (aka WinForms) component in Microsoft (2013-01-09)

💥 Exploits & PoCs (1)

Exploit-DB
SimpleRisk 20130915-01 - Multiple Vulnerabilities (2013-09-30)

📋 Vendor Advisories (4)

Red Hat
webkitgtk: use-after-free vulnerability in the handling of input (WSA-2015-0001) (2015-01-26)
Red Hat
webkitgtk: use-after-free in the HTMLFormElement::prepareForSubmission() (WSA-2015-0001) (2015-01-26)
Red Hat
webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001) (2015-01-26)
Juniper
CVE-2013-4690: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX (2013-07-11)

💬 Community (3)

Bugzilla
CVE-2013-2875 webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001) (2015-01-27)
Bugzilla
CVE-2013-2927 webkitgtk: use-after-free in the HTMLFormElement::prepareForSubmission() (WSA-2015-0001) (2015-01-27)
Bugzilla
CVE-2013-2871 webkitgtk: use-after-free vulnerability in the handling of input (WSA-2015-0001) (2015-01-27)