First published: Wed Jan 09 2013(Updated: )
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Microsoft .NET Framework 4 | =1.0-sp3 | |
Any of | ||
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp3 | |
All of | ||
Microsoft .NET Framework 4 | =1.1-sp1 | |
Any of | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Microsoft .NET Framework 4 | =2.0-sp2 | |
Any of | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Microsoft .NET Framework 4 | =4.0 | |
Any of | ||
Microsoft Windows 7 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Microsoft .NET Framework 4 | =3.5 | |
Any of | ||
Microsoft Windows 8.0 | ||
Microsoft Windows 8.0 | ||
Microsoft Windows Server | ||
All of | ||
Microsoft .NET Framework 4 | =3.5.1 | |
Any of | ||
Microsoft Windows 7 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
All of | ||
Microsoft .NET Framework 4 | =4.5 | |
Any of | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8.0 | ||
Microsoft Windows 8.0 | ||
Microsoft Windows RT | ||
Microsoft Windows Server | ||
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft .NET Framework 4 | =1.0-sp3 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp3 | |
Microsoft .NET Framework 4 | =1.1-sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
Microsoft .NET Framework 4 | =2.0-sp2 | |
Microsoft .NET Framework 4 | =4.0 | |
Microsoft Windows 7 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
Microsoft .NET Framework 4 | =3.5 | |
Microsoft Windows 8.0 | ||
Microsoft Windows 8.0 | ||
Microsoft Windows Server | ||
Microsoft .NET Framework 4 | =3.5.1 | |
Microsoft .NET Framework 4 | =4.5 | |
Microsoft Windows RT |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-0002 has a critical severity rating due to its potential for remote code execution.
To fix CVE-2013-0002, apply the relevant Microsoft security updates outlined in the MS13-004 security bulletin.
CVE-2013-0002 affects Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5.
Yes, CVE-2013-0002 can allow remote attackers to execute arbitrary code, possibly leading to system compromise.
CVE-2013-0002 can be exploited through crafted XAML browser applications (XBAP) or malicious .NET Framework applications.