CVE-2013-0002

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
61.2%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: January 9, 2013 (4873 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

CWE

CWE-119

Affected Products

microsoft .net framework

References

🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 lists.apache.org 🔗 oval.cisecurity.org 🔗 www.us-cert.gov