CVE-2013-0073Microsoft NET Framework vulnerability

CWE-2643 documents3 sources
Severity
10.0CRITICALNVD
EPSS
59.2%
top 1.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedFeb 13
Latest updateMay 5

Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-j6wg-4rhr-4w7q: The Windows Forms (aka WinForms) component in Microsoft2022-05-05
CVEList
CVE-2013-0073: The Windows Forms (aka WinForms) component in Microsoft2013-02-13
CVE-2013-0073 — Microsoft NET Framework vulnerability | cvebase