HIGH · 10.0

CVE-2013-0073

Vulnerability Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

CVSS Score

Base score: 10.0 (HIGH)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor     Product               Versions
Microsoft  .Net Framework        3.5
Microsoft  Windows 8             -
Microsoft  Windows Server 2012   -
Microsoft  Windows 7             -
Microsoft  Windows Server 2008   r2
Microsoft  Windows Server 2003   All versions
Microsoft  Windows Vista         All versions
Microsoft  Windows Xp            All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-0073?

CVE-2013-0073 is a vulnerability with a CVSS score of 10.0 (HIGH). The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which al...

How severe is CVE-2013-0073?

CVE-2013-0073 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0073?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows 7, Microsoft Windows Server 2008.