CVE-2013-1336Improper Input Validation in Microsoft NET Framework

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
60.2%
top 1.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedMay 15
Latest updateMay 14

Description

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-g8v7-2hc8-72qm: The Common Language Runtime (CLR) in Microsoft2022-05-14
CVEList
CVE-2013-1336: The Common Language Runtime (CLR) in Microsoft2013-05-15
CVE-2013-1336 — Improper Input Validation in Microsoft | cvebase