Vulnerability Description
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .NET Framework | 1.0 |
| Microsoft | Windows XP | - |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows RT | - |
References
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-00
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2013-0001?
CVE-2013-0001 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtai...
How severe is CVE-2013-0001?
CVE-2013-0001 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0001?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .NET Framework, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.