Vulnerability in Microsoft .Net_framework
CVE-2013-0073
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitr…
EPSS: 0.558 (98.1th percentile) — read the EPSS interpretation.
Affected products
- Microsoft .Net_framework — versions 3.5, 3.5.1, 4.0
- Microsoft Windows_7
- Microsoft Windows_8
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_server_2012
- Microsoft Windows_vista
- Microsoft Windows_xp — versions sp2
- N/a — versions n/a
Weakness classification (CWE)
References
- oval:org.mitre.oval:def:16475 (x_refsource_OVAL, signature, vdb-entry)
- TA13-043B (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
- MS13-015 (x_refsource_MS, vendor-advisory)