Lucene search

[email protected]CVE-2013-0001

HistoryJan 09, 2013 - 6:09 p.m.

CVE-2013-0001

2013-01-0918:09:37

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-0001

windows forms

winforms

microsoft .net framework

information disclosure

memory array initialization

remote attackers

xaml browser application

xbap

.net framework application

unmanaged memory location

system drawing

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka “System Drawing Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoft.net_frameworkMatch1.0sp3

AND

microsoftwindows_xpMatch-sp3media_center

microsoftwindows_xpMatch-sp3tablet_pc

Node

microsoft.net_frameworkMatch1.1sp1

AND

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoft.net_frameworkMatch2.0sp2

AND

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoft.net_frameworkMatch4.0

AND

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2003sp2

microsoftwindows_server_2008r2itanium

microsoftwindows_server_2008r2x64

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008sp2x86

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoft.net_frameworkMatch3.5

AND

microsoftwindows_8Match--x64

microsoftwindows_8Match--x86

microsoftwindows_server_2012Match-

Node

microsoft.net_frameworkMatch3.5.1

AND

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2008r2itanium

microsoftwindows_server_2008r2x64

Node

microsoft.net_frameworkMatch4.5

AND

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_8Match--x64

microsoftwindows_8Match--x86

microsoftwindows_rtMatch-

microsoftwindows_server_2012Match-

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp2

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq1.0

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	1.0

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15814

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2013-0001

cvelist1 symantec1 nvd1 prion1 checkpoint_advisories1 openvas2 mskb1 nessus1 securityvulns1