CVE-2013-0003Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft NET Framework

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
61.3%
top 1.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedJan 9
Latest updateMay 5

Description

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-7r63-7vx5-2c8f: Buffer overflow in a System2022-05-05
Kernel
HID: pantherlord: validate output report details2013-08-28
CVEList
CVE-2013-0003: Buffer overflow in a System2013-01-09
CVE-2013-0003 — Microsoft NET Framework vulnerability | cvebase