CVE-2013-0002: Buffer Overflow
First published: Wed Jan 09 2013(Updated: )
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft .NET Framework 4 | =1.0-sp3 | |
| Any of | ||
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp3 | |
| All of | ||
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Any of | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Any of | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Microsoft .NET Framework 4 | =4.0 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Microsoft .NET Framework 4 | =3.5 | |
| Any of | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows Server | ||
| All of | ||
| Microsoft .NET Framework 4 | =3.5.1 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| All of | ||
| Microsoft .NET Framework 4 | =4.5 | |
| Any of | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | ||
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft .NET Framework 4 | =1.0-sp3 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft .NET Framework 4 | =1.1-sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft .NET Framework 4 | =2.0-sp2 | |
| Microsoft .NET Framework 4 | =4.0 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft .NET Framework 4 | =3.5 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows Server | ||
| Microsoft .NET Framework 4 | =3.5.1 | |
| Microsoft .NET Framework 4 | =4.5 | |
| Microsoft Windows RT |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA13-008A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004
- https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343
- https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2013-0002?
CVE-2013-0002 has a critical severity rating due to its potential for remote code execution.
How do I fix CVE-2013-0002?
To fix CVE-2013-0002, apply the relevant Microsoft security updates outlined in the MS13-004 security bulletin.
Which versions of Microsoft .NET Framework are affected by CVE-2013-0002?
CVE-2013-0002 affects Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5.
Can CVE-2013-0002 lead to system compromise?
Yes, CVE-2013-0002 can allow remote attackers to execute arbitrary code, possibly leading to system compromise.
What types of applications can exploit CVE-2013-0002?
CVE-2013-0002 can be exploited through crafted XAML browser applications (XBAP) or malicious .NET Framework applications.
- agent/type
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft .net framework 4
- version/microsoft .net framework 4/1.0-sp3
- canonical/microsoft windows xp
- version/microsoft windows xp/sp3
- version/microsoft .net framework 4/1.1-sp1
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- version/microsoft windows xp/sp2
- version/microsoft .net framework 4/2.0-sp2
- version/microsoft .net framework 4/4.0
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- version/microsoft windows server/r2
- version/microsoft .net framework 4/3.5
- canonical/microsoft windows 8.0
- version/microsoft .net framework 4/3.5.1
- version/microsoft .net framework 4/4.5
- canonical/microsoft windows rt