1. Home
  2. CVE Database
  3. CVE-2013-0002
HIGH · 9.3

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code v...

Vulnerability Description

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Microsoft.Net Framework1.0
MicrosoftWindows Xp-
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows 7-
MicrosoftWindows 8-
MicrosoftWindows Server 2012-
MicrosoftWindows Rt-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2013-0002?

CVE-2013-0002 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code v...

How severe is CVE-2013-0002?

CVE-2013-0002 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0002?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows Xp, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.