Buffer overflow in Microsoft .Net_framework

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser applicati…

Vulnerability class: Buffer Overflow

EPSS: 0.612 (98.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft .Net_framework — versions 1.0, 1.1, 2.0
Microsoft Windows_7
Microsoft Windows_8
Microsoft Windows_rt
Microsoft Windows_server_2003
Microsoft Windows_server_2008
Microsoft Windows_server_2012
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

TA13-008A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS13-004 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:16343 (x_refsource_OVAL, signature, vdb-entry)
[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html (mailing-list, x_refsource_MLIST)