Vulnerability Details : CVE-2013-0004
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2013-0004
Probability of exploitation activity in the next 30 days: 50.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0004
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-0004
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0004
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339
Repository / Oval Repository
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004
Microsoft Security Bulletin MS13-004 - Important | Microsoft Docs
-
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
Products affected by CVE-2013-0004
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*