CVE-2013-0002 โ€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft NET Framework

CWE-119 โ€” Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
9.3CRITICALNVD
EPSS
61.2%
top 1.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedJan 9
Latest updateMay 5

Description

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDmicrosoft/net_framework7 versions+6

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-c9mm-w4jh-r45h: Buffer overflow in the Windows Forms (aka WinForms) component in Microsoftโ†—2022-05-05
โ–ถ
Kernel
HID: sony: validate HID output report detailsโ†—2013-09-11
โ–ถ
CVEList
CVE-2013-0002: Buffer overflow in the Windows Forms (aka WinForms) component in Microsoftโ†—2013-01-09
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Apache
Apache camel: CVE-2014-0002โ†—
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2012-6098 moodle: Users without the appropriate capability were able to set a custom outcome (MSA-13-0002)โ†—2013-01-23
โ–ถ
CVE-2013-0002 โ€” Microsoft NET Framework vulnerability | cvebase