CVE-2013-3132 — Code Injection in Microsoft NET Framework
Severity
9.3CRITICALNVD
EPSS
7.1%
top 8.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 10
Latest updateMay 14
Description
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0