Lucene search

[email protected]NVD:CVE-2013-0073

HistoryFeb 13, 2013 - 12:04 p.m.

CVE-2013-0073

2013-02-1312:04:12

CWE-264

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.589 Medium

EPSS

Percentile

97.8%

JSON

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka “WinForms Callback Elevation Vulnerability.”

Affected configurations

NVD

Node

microsoft.net_frameworkMatch3.5

AND

microsoftwindows_8Match--x64

microsoftwindows_8Match--x86

microsoftwindows_server_2012Match-

Node

microsoft.net_frameworkMatch3.5.1

AND

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2008Matchr2-itanium

microsoftwindows_server_2008Matchr2-x64

Node

microsoft.net_frameworkMatch4.0

AND

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_server_2008Match-sp2x64

microsoftwindows_server_2008Matchr2-itanium

microsoftwindows_server_2008Matchr2-x64

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatchsp2professionalx64

Node

microsoft.net_frameworkMatch4.5

AND

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_8Match--x64

microsoftwindows_8Match--x86

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2012Match-

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

Node

microsoft.net_frameworkMatch2.0sp2

AND

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

References

www.us-cert.gov/cas/techalerts/TA13-043B.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.589 Medium

EPSS

Percentile

97.8%

JSON

Related for NVD:CVE-2013-0073

prion1 cve1 symantec1 openvas2 nessus1 mskb1 cvelist1 securityvulns1