CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA13-008A.html	US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:::::*

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::

Configuration 4 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*

Configuration 5 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::

Configuration 7 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*
	cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_rt:-:::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*

Information

Published : 2013-01-09 10:09

Updated : 2020-09-28 05:58

NVD link : CVE-2013-0002

Mitre link : CVE-2013-0002

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

microsoft

windows_7
windows_vista
windows_xp
windows_server_2008
windows_8
.net_framework
windows_rt
windows_server_2012
windows_server_2003

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html", "name": "TA13-008A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343", "name": "oval:org.mitre.oval:def:16343", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004", "name": "MS13-004", "tags": [], "refsource": "MS"}, {"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E", "name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka \"WinForms Buffer Overflow Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0002", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-01-09T18:09Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-09-28T12:58Z"}

9.3 /10